Process Doppelgänging: New Malware Evasion Technique


khairulaizat92

  • Most Valued Members

Read this article on a few different sites now. What I did notice was that if you are running the Windows 10 Fall update or later, then the method does NOT work and will cause a BSOD.

Another reason to update to Windows 10 :ph34r:

Suppose the blue screen is the better option :lol:


3 hours ago, cyberhash said:

Read this article on a few different sites now. What I did notice was that if you are running the Windows 10 Fall update or later, then the method does NOT work and will cause a BSOD.

Another reason to update to Windows 10 :ph34r:

Suppose the blue screen is the better option :lol:

I think it's also stated in the same article that the recent Windows 10 update fixed the issue with the BSOD, which means the malware can now freely run across all Windows platforms.


  • ESET Moderators

Hello guys,

thank you for sharing this research.

Our current statement on this topic is the following:

"Recently, ESET was informed about the findings published at: https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attack-works-on-all-windows-versions/

The report describes that in very specific cases an evasion technique might exist that allows malware to avoid scanning by one of ESET's scanning layers. The evasion in question applies to security products of all vendors, since it is an underlying issue in the operating system itself rather than a product-specific problem. We need to stress that, to achieve this, a malicious dropper would already have to be deployed on the system.

It is also important to note that ESET's multi-layered technology is already prepared for such cases. This means that when an attacker manages to avoid one layer, another layer can step in and detect the attack: e.g., if the malware in question were to attempt the encryption of files, ESET Ransomware Shield would step in; if the malware tried to act across an ESET-protected network, our ESET Network Protection module would activate, etc.

We will consider communicating further steps as soon as complete information about the attack scenario is published. Protecting our customers is always our top priority, and we greatly value the commitment to responsible disclosure and the collaborative nature of the IT security industry."

Note: our technology team is still analyzing the technical details.

Regards, P.R.


14 hours ago, Peter Randziak said:

We will consider communicating further steps as soon as complete information about the attack scenario is published.

Scroll down to the section titled 'Doppelganging - Motivation' in this Black Hat 2017 PDF: https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
