Monday, Oct 18, 2010

AntiVirus Vulnerability - Detection after Execution

http://www.n00bz.net/antivirus-cve/

Presented at HackerHalted... This proof of concept walks through a method of attack that AV products detect only after a known malicious payload is executed. It is one attack that happens to work against multiple vendors, and it's not a Windows problem. The problem is that each vendor's product allows a program to execute before detecting the malware when the attack leverages an unusual behavior of Help and Support Center through the hcp:// protocol handler.

The exploit used to trigger this behavior is CVE-2010-1885 (HelpCenter), released by Tavis Ormandy. Although this exploit is used, this is NOT a rehash of the Microsoft HelpCenter exploit. The purpose of this write-up is to walk through the discovery and document the method used to effectively bypass AntiVirus and execute a malicious payload on a victim's machine.
