x404.co.uk
http://www.x404.co.uk/forum/

Windows XP exploit bypasses AV
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=8187		 Page 1 of 1
Author:  big_D [ Tue May 11, 2010 1:36 pm ]
Post subject:  Windows XP exploit bypasses AV
http://www.zdnet.com/blog/hardware/upda ... oduct/8268

Ouch!
Author:  saspro [ Tue May 11, 2010 2:24 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
Interesting. Symantic Endpoint wasn't tested.
Author:  ProfessorF [ Tue May 11, 2010 6:55 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
saspro wrote:
Interesting. Symantic Endpoint wasn't tested.


Is that different to the Sophos Endpoint Security and Control 9.0.5 mentioned on that list?
Author:  rustybucket [ Tue May 11, 2010 9:08 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
:shock:

The One vulnerability to rule them all.

Ouchies
Author:  Nick [ Tue May 11, 2010 9:47 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
So is this a bug in the AV software, or Windows?
Author:  JJW009 [ Tue May 11, 2010 9:50 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
Sophos wrote:
So the Khobe "attack" boils down to this: if you can write malware which already gets past Sophos's on-access virus blocker, and past Sophos's HIPS, then you may be able to use the Khobe code to bypass Sophos's HIPS - which, of course, you just bypassed anyway.

While it is indeed a clever trick, I think the headline is a little OTT.
Author:  saspro [ Wed May 12, 2010 10:06 am ]
Post subject:  Re: Windows XP exploit bypasses AV
ProfessorF wrote:
saspro wrote:
Interesting. Symantic Endpoint wasn't tested.


Is that different to the Sophos Endpoint Security and Control 9.0.5 mentioned on that list?


One's made by Symantec, the other by Sophos. Similar names, very different products.
Author:  big_D [ Wed May 12, 2010 10:53 am ]
Post subject:  Re: Windows XP exploit bypasses AV
Nick wrote:
So is this a bug in the AV software, or Windows?

It is a flaw in Windows, which will allow you to circumvent the AV software - if you can get past the AV software in the first place... :?

I agree with JJW, it is overblown, although it is a serious problem.
Author:  Amnesia10 [ Wed May 12, 2010 12:43 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
JJW009 wrote:
Sophos wrote:
So the Khobe "attack" boils down to this: if you can write malware which already gets past Sophos's on-access virus blocker, and past Sophos's HIPS, then you may be able to use the Khobe code to bypass Sophos's HIPS - which, of course, you just bypassed anyway.

While it is indeed a clever trick, I think the headline is a little OTT.

Agreed, but is it possible to attack OSX and linux this way?
Author:  big_D [ Wed May 12, 2010 1:07 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
Amnesia10 wrote:
JJW009 wrote:
Sophos wrote:
So the Khobe "attack" boils down to this: if you can write malware which already gets past Sophos's on-access virus blocker, and past Sophos's HIPS, then you may be able to use the Khobe code to bypass Sophos's HIPS - which, of course, you just bypassed anyway.

While it is indeed a clever trick, I think the headline is a little OTT.

Agreed, but is it possible to attack OSX and linux this way?

Theoretically, yes...

But it is pretty moot, because most *NIX machines aren't running AV software, so you don't need to bypass it...
Author:  bobbdobbs [ Wed May 12, 2010 1:39 pm ]
Post subject:  Re: Windows XP exploit bypasses AV
Only xp.. oh well, it wont affect my systems then :lol:
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/