View full version: Kaspersky AV exploited easily.



Simple10
21.02.2008, 08:31
Teddy KGB (http://us.imdb.com/name/nm0000518/): It hurts doesn't it? Your hopes dashed, your dreams down the toilet. And your fate is sitting right besides you. "Gramma!" voyamat

Version of Kaspersky in this article - 7.0 latest public build 125, product type - Internet Security. (http://www.rootkit.com/newsread.php?newsid=778)

13 unknown ssdt's by klif.sys used to create bsod.

That's the version I have. d :?:(
8 coming soon? Will these issues be fixed?

I'm thinking of becoming a monk and taking up meditation full time.
Maybe make a mosaic from the pieces of my laptop or use it as a bookend. >:(

Do I have to be a CompSci Phd. in order to protect my box/es?

NickGolovko
21.02.2008, 13:00
This is not a vulnerability, be sure.

It is already fixed in MP1 (7.0.0.321); for 7.0.0.125 a patch has been released many months ago. It is installed automatically via updates if you have the option to update product modules enabled.

DVi
21.02.2008, 13:06
It has been fixed in KAV 7.0 MP1

Simple10
22.02.2008, 02:06
Whooo! :clapping:
Was beginning to become depressed, no sleep for the weary and such.
Now I will rest a little better. Thank you Nick and DVI.

Sjoeii
22.02.2008, 07:21
Whooo! :clapping:
Was beginning to become depressed, no sleep for the weary and such.
Now I will rest a little better. Thank you Nick and DVI.
No reason to get depressed about Kaspersky.
They are always good

Simple10
01.03.2008, 06:56
What if I have a rootkit that prevents updates. Then I wouldn't have the patch would I.:O

XP user
01.03.2008, 10:44
What if I have a rootkit that prevents updates. Then I wouldn't have the patch would I.:O
If you really had a rootkit, you would have other trouble on your mind, believe me. I don't think you do, but to make sure, just check:
C (or wherever your system is installed):\WINDOWS\system32\drivers\etc\host
(you can open it with NotePad) If any of the kaspersky servers is there pointing to local host (127.0.0.1), then you are in trouble.

Paul
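
[Added example, not part of the original thread or written by any poster: a scripted version of the hosts-file check described in the post above. It goes slightly beyond the post by also flagging 0.0.0.0 and IPv6 loopback mappings. The watched domain suffixes and the sample file contents are assumptions constructed for illustration.]

```python
import ipaddress

# Assumption: vendor domain suffixes to watch; adjust to the product in use.
WATCHED_SUFFIXES = ("kaspersky.com", "kaspersky-labs.com")


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def matches(host, suffixes):
    """Case-insensitive match on the domain itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def suspicious_entries(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for watched names mapped to a sinkhole."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for host in fields[1:]:  # one line may list several names
            if matches(host, suffixes):
                hits.append((line_no, fields[0], host))
    return hits


# Constructed sample, not taken from any real machine.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update-server.kaspersky.com   # constructed hostname
0.0.0.0         WWW.Kaspersky.com ftp.kaspersky-labs.com
# 127.0.0.1     commented.kaspersky.com
127.0.0.1       notkaspersky.com
"""

if __name__ == "__main__":
    # On a live system, read r"C:\WINDOWS\system32\drivers\etc\hosts" instead.
    for line_no, addr, host in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {host} -> {addr}")
```

An empty result only rules out this one way of blocking updates; it says nothing about other tampering.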

Simple10
01.03.2008, 13:25
127.0.0.1 localhost
::1 localhost
^----Is all that is there.
How would the updates be affected faced with some type of virtualization threat?
Is it a rootkit that attacks the anti-rootkit scanners preventing them from running properly or is there something else that would create a similar response?
Isn't the purpose of a rootkit to provide invisibility for other tools so they can operate without being detected? Could one of those tools be virtualization?

You wouldn't happen to be an Ubuntu :evil: user would you, Paul.

XP user
01.03.2008, 23:32
You wouldn't happen to be an Ubuntu :evil: user would you, Paul.
No, but with all the Vista crap I've seen, and Microsoft wanting to stop support for XP, the idea is tempting... :)

Paul

Sjoeii
03.03.2008, 15:25
No, but with all the Vista crap I've seen, and Microsoft wanting to stop support for XP, the idea is tempting... :)

Paul
O no Paul
Not you as well ;)