    Tuesday, May 11, 2010

    FW: SF Pac IT Pros: New attack bypasses EVERY Windows security product

    Very interesting attack news... Be aware.

    -----Original Message-----
    From: Pacific IT Pros [mailto:mlk@pacitpros.org]
    Sent: Tuesday, May 11, 2010 12:28 PM
    To: Douglas Renner
    Subject: SF Pac IT Pros: New attack bypasses EVERY Windows security product

    Pac IT Pros members: Have you heard of the KHOBE - 8.0
    earthquake for Windows? This is an update to an attack on Windows security
    products from several years ago. The new attack can bypass every Windows
    security product tested and allow malicious code to make its way to your
    system. The KHOBE attack (Kernel HOok Bypassing Engine) leverages a
    Windows module called the System Service Descriptor Table, or SSDT, which is
    hooked up to the Windows kernel. Unfortunately, SSDT is utilized by
    antivirus software. This attack does NOT need admin privileges. If you are
    running as a standard user you are susceptible.

    Below is a list of software known (at this time) to be
    susceptible to a KHOBE attack.

    I'm still gathering info, not sure how serious of a threat
    this really is. If you have information please share it with Pac IT Pro
    members at
    http://www.pacitnews.org

    http://www.pacitnews.org/2010/05/11/new-attack-khobe-bypasses-every-windows-security-product/


    Doug

    * 3D EQSecure Professional Edition 4.2
    * avast! Internet Security 5.0.462
    * AVG Internet Security 9.0.791
    * Avira Premium Security Suite 10.0.0.536
    * BitDefender Total Security 2010 13.0.20.347
    * Blink Professional 4.6.1
    * CA Internet Security Suite Plus 2010 6.0.0.272
    * Comodo Internet Security Free 4.0.138377.779
    * DefenseWall Personal Firewall 3.00
    * Dr.Web Security Space Pro 6.0.0.03100
    * ESET Smart Security 4.2.35.3
    * F-Secure Internet Security 2010 10.00 build 246
    * G DATA TotalCare 2010
    * Kaspersky Internet Security 2010 9.0.0.736
    * KingSoft Personal Firewall 9 Plus 2009.05.07.70
    * Malware Defender 2.6.0
    * McAfee Total Protection 2010 10.0.580
    * Norman Security Suite PRO 8.0
    * Norton Internet Security 2010 17.5.0.127
    * Online Armor Premium 4.0.0.35
    * Online Solutions Security Suite 1.5.14905.0
    * Outpost Security Suite Pro 6.7.3.3063.452.0726
    * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
    * Panda Internet Security 2010 15.01.00
    * PC Tools Firewall Plus 6.0.0.88
    * PrivateFirewall 7.0.20.37
    * Security Shield 2010 13.0.16.313
    * Sophos Endpoint Security and Control 9.0.5
    * ThreatFire 4.7.0.17
    * Trend Micro Internet Security Pro 2010 17.50.1647.0000
    * Vba32 Personal 3.12.12.4
    * VIPRE Antivirus Premium 4.0.3272
    * VirusBuster Internet Security Suite 3.2
    * Webroot Internet Security Essentials 6.1.0.145

    Doug

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Doug Spindler
    Pacific IT Professionals
    http://www.pacitpros.org doug.spindler@gmail.com
    925-258-6600
