Kernel mode rootkits are more viable than has been realised and could be used to bypass more or less any security product in existence, researchers at Bromium have discovered after conducting a proof-of-concept attack using a modified variant of in the infamous TDL4 malware.
Due to be presented in more detail by the firm at this week’s Security BSides event in London, the research involved ‘tweaking’ the TDL4 variant that had appeared to take advantage of the Windows kernel privilege zero day (CVE-2013-3660), discovered in June last year.
read more...........http://news.techworld.com/security/3513668/tdl4-rootkit-can-be-modified-pwn-any-security-product-bromium-researchers-discover/
Due to be presented in more detail by the firm at this week’s Security BSides event in London, the research involved ‘tweaking’ the TDL4 variant that had appeared to take advantage of the Windows kernel privilege zero day (CVE-2013-3660), discovered in June last year.
read more...........http://news.techworld.com/security/3513668/tdl4-rootkit-can-be-modified-pwn-any-security-product-bromium-researchers-discover/