Malware uses Windows Software Restriction Policies

Researchers discovered BKDR_VAWTRAK, a banking malware. This program uses Windows restriction policies (Software Restriction Policies, or SRP) to restrict the privileges of security software, including that of Trend Micro.


SRP is a feature added in the Windows XP and Windows Server 2003 operating systems and managed through Group Policy. It is designed to allow administrators to blacklist or whitelist specific executables, or to restrict non-privileged users.

Of course, this is not the first time that SRP has been used by .

SRP can also be configured through the Local Policy Editor in any version of Windows:

Given that these policies are translated into registry keys on the systems where they are used, it is possible to create the registry keys directly, which, as Trend Micro reports, is what the malware does. In the example above, the registry keys that were created under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers are shown.

When the user tries to run the executable file, it is blocked by Windows:


So the malicious software takes control of the computer, since only the files it wants are allowed to run. Potentially, an updated security product could find the malicious software, but the malicious software has blocked it.
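A defender can look for this kind of tampering by auditing the policy key named above. The following Python check is an added example, not code from the original article or from Trend Micro: it parses `reg export` text for that key and lists path rules that restrict execution, flagging those that point at security software. The `<level>\Paths\{GUID}` subkeys and the `ItemData` value follow the standard SRP registry layout, which this page does not show; the sample export, its GUIDs and the watch list are constructed.

```python
import re

# SRP level subkeys (decimal names) per the standard SRP layout, not from the page.
LEVELS = {0: "Disallowed", 131072: "Basic User", 262144: "Unrestricted"}
# Hypothetical watch list of folder-name fragments used by security products.
SECURITY_HINTS = ("trend micro", "windows defender", "antivirus", "anti-virus")
KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows"
                    r"\\safer\\codeidentifiers\\(\d+)\\Paths\\(\{[^}]+\})\]", re.I)
ITEM_RE = re.compile(r'"ItemData"=(hex\(2\):[0-9a-f,]*|".*")', re.I)

def decode_item(raw):
    """Decode ItemData exported as REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...)."""
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw[1:-1].replace("\\\\", "\\")

def audit_srp(reg_text):
    """Return every path rule below Unrestricted, flagging security-product paths."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.fullmatch(line)
            key = (int(m.group(1)), m.group(2)) if m else None
        elif key and key[0] != 262144 and (m := ITEM_RE.fullmatch(line)):
            path = decode_item(m.group(1))
            findings.append({"guid": key[1], "path": path,
                             "level": LEVELS.get(key[0], str(key[0])),
                             "security_product": any(h in path.lower()
                                                     for h in SECURITY_HINTS)})
    return findings

# Constructed sample of `reg export` text (real exports are UTF-16; read them
# with open(path, encoding="utf-16")). GUIDs and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}]
"ItemData"="C:\\Program Files\\Trend Micro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22222222-2222-2222-2222-222222222222}]
"ItemData"=hex(2):43,00,3a,00,5c,00,47,00,\
  61,00,6d,00,65,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths\{33333333-3333-3333-3333-333333333333}]
"ItemData"="%ProgramFiles%"
'''
print(audit_srp(SAMPLE))
```

Any Disallowed rule on a machine where no administrator configured SRP deserves investigation, whether or not it matches the watch list.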

Ironically, Microsoft's TechNet article describing SRP on the day of its release (in 2002) states how it can be used to "fight viruses." Microsoft for ever!


Written by giorgos
