Interesting malware/POCs that you've come across
Here are a few that come to mind:
A POC that can execute without actually opening the file: http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
A fairly famous set of POCs that bypassed (at least partially) many classical HIPS including Malware Defender, Comodo's Defense+, and OA's HIPS. They also bypassed DefenseWall and GeSWall, and arguably bypassed Sandboxie (I say arguably because Sandboxie wasn't truly bypassed - nothing on the REAL system got modified, meaning Sandboxie did its job fine): http://forums.comodo.com/empty-t38189.0.html
The highly infamous .wmf exploit. Perhaps one of the most scary aspects of one of these malware variants was the fact that it could completely infect your system even without opening or browsing the infected file. That is, just having the infected file on your system was enough to allow the complete propagation of the malware. How did it do this? Well, as far as I understand it, this clever piece of malware took advantage of the Windows Indexing service (I always disable this service by the way): http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability