Ru.Board computer forum » Computers » Software » Comodo Firewall Pro / Comodo Internet Security (3)

Moderated by: gyra, Maz

Widok (29-12-2009 19:30): Page limit. Continuing here.

XenoZ (Gold Member)
1. RootkitInstallation: MissingDriverLoad
What does it do? Tries to find a driver entry in the registry that does not have the corresponding file on the disk and puts itself as the missing file.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.
2. RootkitInstallation: LoadAndCallImage
What does it do? Tries to use a device driver loading API that is commonly, almost always, used by rootkit developers.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.
3. RootkitInstallation: DriverSupersede
What does it do? Tries to overwrite an already existing driver on the disk and load itself as a device driver.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.
4. RootkitInstallation: ChangeDrvPath
What does it do? Tries to change the path of an already existing driver by using the service control manager.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.
5. Invasion: Runner
What does it do? Tries to modify the default browser on the disk and connect to the internet.
What is the risk? This is a common infection method that can evade firewalls that do not check the integrity of the applications.
6. Invasion: RawDisk
What does it do? Tries to access the disk directly and modify its contents.
What is the risk? This is a common infection method that could open many holes including boot sector infection and device driver loading.
7. Invasion: PhysicalMemory
What does it do? Tries to access the physical memory directly and modify its contents.
What is the risk? Accessing the physical memory directly creates many security holes by bypassing standard protection enforced by the operating system.
8. Invasion: FileDrop
What does it do? Tries to drop itself into the system32 directory.
What is the risk? If the virus can drop itself into the system32 folder, it can easily infect one of the critical files in it too.
9. Invasion: DebugControl
What does it do? Tries to access the physical memory directly and modify its contents.
What is the risk? Accessing the physical memory directly creates many security holes by bypassing standard protection enforced by the operating system.
10. Injection: SetWinEventHook
What does it do? Tries to inject the malicious DLL using a Windows accessibility API, SetWinEventHook.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
11. Injection: SetWindowsHookEx
What does it do? Tries to inject the malicious DLL using a common Windows API, SetWindowsHookEx.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
12. Injection: SetThreadContext
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
13. Injection: Services
What does it do? Tries to modify the “Services” key in the registry in order to have itself launched as a service.
What is the risk? The malware is going to have itself automatically started with Windows. The key can be used to install a rootkit or boot driver that can be used to take over the operating system.
14. Injection: ProcessInject
What does it do? Tries to inject the malicious DLL using one of the most common methods malware writers use.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
15. Injection: KnownDlls
What does it do? Being one of the most difficult infection techniques to detect, it tries to modify an operating system object in memory to make itself loaded into the trusted processes.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
16. Injection: DupHandles
What does it do? Tries to access the memory of another process by stealing the handles from a trusted process which already has them.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
17. Injection: CreateRemoteThread
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
18. Injection: APC dll injection
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/Code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.
19. Injection: AdvancedProcessTermination
What does it do? Tries to terminate a process by using debugging APIs.
What is the risk? A process can be terminated in an unexpected manner.
20. InfoSend: ICMP Test
What does it do? Tries to send the information to the Internet by the ICMP protocol.
What is the risk? If a firewall does not filter the ICMP protocol, it can miss the Trojans that transmit data using the ICMP protocol.
21. InfoSend: DNS Test
What does it do? Tries to send the information to the Internet by using Windows DNS APIs.
What is the risk? Windows DNS APIs use trusted processes to make DNS queries, causing firewalls to miss the actual process behind these requests.
22. Impersonation: OLE automation
What does it do? Tries to start MS Internet Explorer, then attempts to control this instance using OLE automation to transfer information to the Internet server.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded.
23. Impersonation: ExplorerAsParent
What does it do? Tries to use explorer.exe to connect to the Internet.
What is the risk? Firewalls may miss the real applications behind the internet connection requests.
24. Impersonation: DDE
What does it do? Tries to use Direct Data Exchange (DDE) to control IE's behavior and transfer data to the Internet server.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded from the trusted browser process.
25. Impersonation: Coat
What does it do? Tries to rename itself as the default browser in memory and connect to the Internet.
What is the risk? Firewalls may think the actual process behind the Internet connection request is the trusted browser.
26. Impersonation: BITS
What does it do? Tries to use the Windows Background Intelligent Transfer (BITS) service to connect to the Internet.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded by using the trusted Windows services.
27. Hijacking: WinlogonNotify
What does it do? Tries to modify the “WinlogonNotify” key in the registry in order to have itself launched with the logon process.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted operating system processes.
28. Hijacking: Userinit
What does it do? Tries to modify the “Userinit” key in the registry in order to take the place of userinit.exe, the process responsible for initialization of the user data after the logon.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.
29. Hijacking: UIHost
What does it do? Tries to modify the “UIHost” key in the registry in order to take the place of logonui.exe, the process executed before the logon.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.
30. Hijacking: SupersedeServiceDll
What does it do? Tries to modify the “ServiceDll” key in the registry in order to have itself launched with the trusted operating system process svchost.exe.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted operating system processes.
31. Hijacking: StartupPrograms
What does it do? Tries to modify the “StartupPrograms” key in the registry in order to have itself launched when Windows starts.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.
32. Hijacking: ChangeDebuggerPath
What does it do? Tries to modify the “Debugger” key in the registry in order to have itself launched when a program crashes.
What is the risk? The malware is going to have itself automatically started every time a program crashes. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted processes.
33. Hijacking: AppinitDlls
What does it do? Tries to modify the “AppInitDlls” key in the registry in order to have itself injected into every process.
What is the risk? The malware is going to have itself automatically started every time a program starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted processes.
34. Hijacking: ActiveDesktop
What does it do? Tries to change the Windows Active Desktop wallpaper.
What is the risk? An embedded HTML file can allow transmitting the data by using the trusted process explorer.exe and can be used to steal confidential information.

Total posts: 5438 | Registered: 29-03-2006 | Posted: 11:29 19-08-2009
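An added example, not part of the post above and not Comodo's code: a small Python audit that parses a Windows registry export (.reg text) and reports the registry locations behind Hijacking tests 27, 28, 29, 30, 32 and 33, so a defender can spot a Userinit, UIHost, Winlogon Notify, ServiceDll, IFEO Debugger or AppInit_DLLs entry that no longer matches a clean system. The sample export and every path in it are constructed; the assumed clean defaults (userinit.exe under system32 as the only Userinit entry, logonui.exe as UIHost, an empty AppInit_DLLs, service DLLs under system32) are the Windows XP defaults of the CLT era, and the StartupPrograms key of test 31 is not covered because the post gives no location for it.

```python
import re

# Constructed .reg export sample (made-up values); only quoted REG_SZ lines are modelled, REG_EXPAND_SZ hex(2) lines are skipped.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Temp\\upd.exe"
"UIHost"="logonui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\evilnotify]
"DLLName"="C:\\Temp\\notify.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Temp\\hook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Temp\\dbg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"ServiceDll"="C:\\WINDOWS\\System32\\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evilsvc\Parameters]
"ServiceDll"="C:\\Temp\\evil.dll"
'''
NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
SERVICES = r"hkey_local_machine\system\currentcontrolset\services"
in_system32 = lambda p: "\\system32\\" in p.lower()  # assumed location of legitimate system DLLs/EXEs

def parse_reg(text):
    """Map each key path to its quoted string values; paths and value names are lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            keys[current][m.group(1).lower()] = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return keys

def audit(keys):
    """Return (CLT test name, suspicious value) pairs for tests 27, 28, 29, 30, 32 and 33."""
    findings, wl = [], keys.get(NT + r"\winlogon", {})
    for entry in (e.strip() for e in wl.get("userinit", "").split(",") if e.strip()):
        if not entry.lower().endswith(r"\system32\userinit.exe"):  # only userinit.exe belongs here
            findings.append(("Userinit", entry))
    if wl.get("uihost", "logonui.exe").lower() != "logonui.exe":  # assumed XP default logon UI
        findings.append(("UIHost", wl["uihost"]))
    if keys.get(NT + r"\windows", {}).get("appinit_dlls"):  # empty on a clean system
        findings.append(("AppinitDlls", keys[NT + r"\windows"]["appinit_dlls"]))
    for path, values in keys.items():
        dll = values.get("dllname", "")
        if path.startswith(NT + "\\winlogon\\notify\\") and "\\" in dll and not in_system32(dll):
            findings.append(("WinlogonNotify", dll))
        if path.startswith(NT + "\\image file execution options\\") and "debugger" in values:
            findings.append(("ChangeDebuggerPath", path.rsplit("\\", 1)[1] + " -> " + values["debugger"]))
        if path.startswith(SERVICES + "\\") and "servicedll" in values and not in_system32(values["servicedll"]):
            findings.append(("SupersedeServiceDll", values["servicedll"]))
    return findings
```

Every Debugger value under Image File Execution Options is reported, since a clean system normally has none; review each against known tooling before treating it as a hijack.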