ssj100 Security Forums

Interesting malware/POCs that you've come across


Post by ssj100 20/4/2010, 15:48

Here are a few that come to mind:

A POC that can execute without actually opening the file: http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/

A fairly famous set of POCs that bypassed (at least partially) many classical HIPS including Malware Defender, Comodo's Defense+, and OA's HIPS. They also bypassed DefenseWall and GeSWall, and arguably bypassed Sandboxie (I say arguably because Sandboxie wasn't truly bypassed - nothing on the REAL system got modified, meaning Sandboxie did its job fine): http://forums.comodo.com/empty-t38189.0.html

The highly infamous .wmf exploit. Perhaps one of the most scary aspects of one of these malware variants was the fact that it could completely infect your system even without opening or browsing the infected file. That is, just having the infected file on your system was enough to allow the complete propagation of the malware. How did it do this? Well, as far as I understand it, this clever piece of malware took advantage of the Windows Indexing service (I always disable this service by the way): http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com
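The .wmf case above is the one where a file only needs to be on disk to be dangerous, because the indexing service renders it for you. The trigger lives in the metafile's own record stream (a META_ESCAPE record whose escape function is SETABORTPROC, the flaw patched in MS06-001), so a defender can scan files for that structure without rendering them. The scanner below is an added example written for this page, not code from the post or from any of the linked sites; the sample files it checks are constructed inline and carry no payload, only the record layout.

```python
import struct

# WMF record function numbers and the escape sub-function involved in
# the MS06-001 metafile vulnerability (SetAbortProc escape).
META_EOF = 0x0000
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009
PLACEABLE_MAGIC = 0x9AC6CDD7

def wmf_records(data: bytes):
    """Yield (function, params) for each record of a WMF file.
    Malformed or truncated input ends the walk instead of raising, so the
    scanner never trusts a size field it cannot verify."""
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22  # skip the optional placeable (Aldus) header
    if len(data) < off + 18:
        return
    header_words = struct.unpack_from("<H", data, off + 2)[0]
    off += header_words * 2  # HeaderSize is counted in 16-bit words
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            return  # record smaller than its own header, or truncated
        yield func, data[off + 6:end]
        if func == META_EOF:
            return
        off = end

def find_setabortproc(data: bytes):
    """Return indices of META_ESCAPE records whose escape function is
    SETABORTPROC; a non-empty result is worth quarantining and inspecting."""
    hits = []
    for idx, (func, params) in enumerate(wmf_records(data)):
        if func == META_ESCAPE and len(params) >= 2:
            if struct.unpack_from("<H", params, 0)[0] == SETABORTPROC:
                hits.append(idx)
    return hits

def build_wmf(records):
    """Assemble a minimal standard WMF (constructed test data, no payload)."""
    body = b""
    for func, params in records:
        params += b"\x00" * (len(params) % 2)  # records are word aligned
        body += struct.pack("<IH", (6 + len(params)) // 2, func) + params
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 0, 0) + body

# Constructed samples: a benign file (SetMapMode + EOF) and one carrying
# only the suspicious escape record, for exercising the scanner.
BENIGN = build_wmf([(0x0103, struct.pack("<H", 8)), (META_EOF, b"")])
SUSPICIOUS = build_wmf([(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)), (META_EOF, b"")])
```

Run it over a directory of .wmf files as a file-at-rest check; because the walk stops on bad sizes, a damaged file is reported as clean for this rule rather than crashing the scan, so pair it with a truncation warning if you need that signal too.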
