TDL4 rootkit can pwn any security product

Discussion in 'other security issues & news' started by hawki, May 1, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    It depends on the nature of the attack. If there's a binary payload running before the kernel exploit, then a HIPS will block it. If the kernel exploit runs first and then executes the payload, no.

    Mind, if we're talking about a Java-based exploit, it's probably just executing a binary payload (as opposed to hijacking the JVM to run a kernel exploit, which I'm going to guess is nontrivial). I've yet to see an ITW malware dropper that does anything else...
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's weird, thanks for checking. Also weird that they still haven't publicized some more details, perhaps because it's too dangerous to share?

    In other news: Invincea strikes back! Check out this report, where it pounces on Bromium; it was really a bit painful. :D

    http://www.invincea.com/2014/05/tech-throwdown-micro-virtualization/
     