New Windows malware able to bypass current antivirus applications

16th May, 2010 by adina

A new piece of malware that could potentially affect almost every Windows XP system running current antivirus software has been detected by researchers at Matousec. The Kernel Hook Bypassing Engine (KHOBE) exploits a vulnerability in the System Service Descriptor Table to trick Microsoft's operating system into accepting rogue code. At first it lets the antivirus application test a safe code thread, but it then immediately swaps in a thread that contains a virus or other attack, giving the malware free rein.

Only a few antivirus programs can protect against such an attempt, because the switch cannot be stopped after the supposedly original code has already been examined. Tools can scan content before it enters the system and block known malware, but unknown code will get access automatically. Administrator rights are not necessary, so even limited Windows accounts are exposed to the malware threat.
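The check-then-swap sequence described above is a time-of-check/time-of-use race. The following C program is an added example, not code from Matousec or any antivirus vendor: it models the race deterministically in user space to show why a hook that re-reads caller-owned data is bypassed while one that captures a private copy is not. The buffer, file names and function names are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a caller-owned request buffer that a second thread
 * can rewrite at any time. swap_fn stands in for that second thread and
 * fires at the instant between the check and the use. */
typedef void (*swap_fn)(char *shared);

static int is_allowed(const char *name) {       /* the security check */
    return strcmp(name, "benign.exe") == 0;
}

static void hostile_swap(char *shared) {        /* simulated racing write */
    strcpy(shared, "hostile.exe");
}

/* Weak hook: validates the shared buffer, then the original service
 * reads the same buffer again (double fetch). */
static int hook_double_fetch(char *shared, swap_fn race, char *executed, size_t n) {
    if (!is_allowed(shared)) return 0;          /* time of check */
    if (race) race(shared);                     /* window between check and use */
    snprintf(executed, n, "%s", shared);        /* time of use: re-read */
    return 1;
}

/* Hardened hook: capture once into private memory, then check and use
 * only the captured copy. */
static int hook_capture_once(char *shared, swap_fn race, char *executed, size_t n) {
    char captured[64];
    snprintf(captured, sizeof captured, "%s", shared);
    if (!is_allowed(captured)) return 0;
    if (race) race(shared);                     /* swap no longer matters */
    snprintf(executed, n, "%s", captured);
    return 1;
}

/* Returns 1 if the value acted on differs from the value that was checked. */
static int bypassed(int hardened) {
    char shared[64] = "benign.exe", executed[64] = "";
    if (hardened) hook_capture_once(shared, hostile_swap, executed, sizeof executed);
    else          hook_double_fetch(shared, hostile_swap, executed, sizeof executed);
    return strcmp(executed, "benign.exe") != 0;
}

int main(void) {
    printf("double fetch bypassed: %d\n", bypassed(0));
    printf("capture once bypassed: %d\n", bypassed(1));
    return 0;
}
```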

The attacks are not effective on Windows 7 or Vista systems, but these are in the minority, so most computers around the world are susceptible to infection by the KHOBE virus. Modern multi-core processors are more vulnerable, as the hostile thread can be kept away from antivirus inspection more efficiently.

Software developers such as Sophos and F-Secure have promised to identify the attacks and minimize the risk. However, the new vulnerability is a real danger for the Windows environment, especially in developing countries, where Windows 7 is not very common or is unfeasible for the systems users can afford. There is no information on whether Linux and Mac OS X are vulnerable to this kind of threat.

