查看: 8631|回复: 42
收起左侧

[讨论] CIA家的杀软绕过方法

  [复制链接]
B100D1E55
发表于 2017-3-9 13:36:58 | 显示全部楼层 |阅读模式
本帖最后由 B100D1E55 于 2017-3-9 13:45 编辑

有人关注最近的Vault9 leak么,里面有一些主流杀软检测绕过的方法

例如他们发现Avira有一条Heur规则是如果PE有5%以上的区段是高熵值就报毒,但是可以通过pad+rar大法绕过。
其他的还有Comodo 6.X的监测漏洞(比如回收站漏洞),F-Secure,AVG,BD……卡巴的TDSS专杀有一个DLL劫持漏洞
还有各种进程kill方法、windows蓝屏方法……

https://wikileaks.org/ciav7p1/cms/space_3276809.html
jefffire
头像被屏蔽
发表于 2017-3-9 13:59:05 | 显示全部楼层
本帖最后由 jefffire 于 2017-3-9 14:01 编辑

这些感觉是CIA的休闲项目。
找引擎解析漏洞,远程执行 ,把防火墙网关变的“可控”才是主菜。
con16
发表于 2017-3-9 14:10:47 | 显示全部楼层
本帖最后由 con16 于 2017-3-9 14:13 编辑

卡巴,趨勢,弱盾,小紅傘,AVAST ,McAfee,F-Secure無一倖免

F-Secure最慘,被CIA評價最好入侵xd
pal家族
发表于 2017-3-9 14:55:39 | 显示全部楼层
江民
火绒
还是实力强,没事儿!哈哈2333

开个纯粹的玩笑
Dolby123
发表于 2017-3-9 15:34:22 | 显示全部楼层
The full list of security products included in the WikiLeaks Vault 7 dump are as follows:

[mw_shl_code=css,true]

    Comodo
    Avast
    F-Secure
    Zemana Antilogger
    Zone Alarm
    Trend Micro
    Symantec
    Rising
    Panda Security
    Norton
    Malwarebytes Anti-Malware
    EMET (Enhanced Mitigation Experience Toolkit)
    Microsoft Security Essentials
    McAfee
    Kaspersky
    GDATA
    ESET
    ClamAV
    Bitdefender
    Avira
    AVG
[/mw_shl_code]
pal家族
发表于 2017-3-9 15:39:59 | 显示全部楼层
俄语谷歌翻译为英文:

The CIA showed interest in vulnerabilities in the antivirus developed by Kaspersky Lab. This is evidenced by the documents published by WikiLeaks.

A document containing a description of the vulnerabilities in the Russian antivirus was included in a series of publications called Vault 7. The portal included CIA documents related to cybersecurity, hacking techniques and a hacker tracking system for users.

The documents included the presentation of the director of the Coseinc group, Hoachina Koreta, "Hacking Antivirus Programs", prepared in 2014. It mentions among other things Kaspersky Lab's antivirus and specifies that it contains vulnerabilities, using which "anyone can write a reliable exploit (code for hacking the program - RBC) for Kaspersky Anti-Virus without any real difficulties." The author of the document points out that Kaspersky Lab did not correct the vulnerabilities that were detected at the SyScan 2014 hacker conference in Singapore.

In addition, in a press release on the publication of documents, WikiLeaks indicated that the CIA can use Kaspersky Lab's anti-virus scanner to mask the virus that attacks protected systems.

According to RNS, Kaspersky Lab has already started checking the vulnerabilities specified in the document. The press service of the company said that "carefully study the report published on the resource WikiLeaks on March 7, 2017, to ensure that our customers are not in danger." And also noted that some of the vulnerabilities mentioned in the document have already been eliminated by the company after detection.

Earlier, in mid-February, WikiLeaks published documents indicating that the CIA was trying to intervene in the course of the presidential elections in France in 2012. In particular, the US intelligence services monitored French politicians.

More on RBC:
Http://www.rbc.ru/rbcfreenews/58bf1a399a79477e081b1562
a445441
发表于 2017-3-9 15:47:47 | 显示全部楼层
国内瑞星上榜,看来政府用的蛮多的
FUZE
发表于 2017-3-9 15:48:04 | 显示全部楼层
CIA的娱乐项目都这么屌...个人果然无法和国家机器同台竞技....
ysj963
发表于 2017-3-9 15:59:05 | 显示全部楼层
ESET论坛也在讨论这个。
猪头无双
头像被屏蔽
发表于 2017-3-9 16:36:09 | 显示全部楼层
竟然没有我大360老外们不能与时俱进啊
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-3-29 06:13 , Processed in 0.119491 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表