Personally, I am sick and tired of the United States government meddling more and more in our lives. The movie and music industry is using our elected officials like puppets (muppets) and we are sitting idly by and letting it happen. Well, I signed the petition, and my voice will be heard next election. G.R.I.P. – Get Rid of Incumbent Politicians. If we really want to make changes, we have to get those that pander to big business out of office and let them know that we have the power to do it. After all, they are there to represent Read More…

Will KHOBE Be The End of Windows?
Date: May 12th, 2010
Author: Joe DiFiglia
Category: Misc, Rants, Windows 7, Windows Home Server, Windows Server, Windows Vista, Windows XP
Tags: Anti Virus, Microsoft, Windows 7, Windows Home Server, Windows Vista, Windows XP
Article URL: http://computingondemand.com/?p=3418
It was a dark and stormy night, May 5th; it was intense, my dog was hiding in the bathtub, the wind was blowing like a child with a new kazoo, the rain was coming down in sheets (11 x 17), and my PC was left to fend for itself. Suddenly, the ground shook and my home felt epileptic. The phone rings, the same quake is hitting China, the U.K, Japan, Canada... this is a worldwide earthquake? This wasn't a typical earthquake, this was a digital earthquake; at least that's how Matousec.com describes it. They named it KHOBE!
KHOBE (Kernel HOok Bypassing Engine) is a new exploit that the researchers at Matousec.com have discovered/developed. This method of infection utilizes an argument-switch attack or KHOBE attack and allows malicious code to circumvent conventional detection by submitting values that will certainly pass as safe through security software. When the "fake" thread passes, a very well timed parallel thread is executed, thus allowing the malicious code to pass through. If this happens properly, the threat is successful.
- The process does not need to be run as a privileged user in order to be passed.
- Works through SSDT Hooks (System Service Descriptor Table) and other hooks.
- Valid for ALL Windows Versions, including Windows 7 (64 and 32-bit)
Part of the issue here is that they have tested many of the "popular" security software packages for the ability to pass this threat and ALL of them allowed this process to complete.
- 3D EQSecure Professional Edition 4.2 VULNERABLE
- avast! Internet Security 5.0.462 VULNERABLE
- AVG Internet Security 9.0.791 VULNERABLE
- Avira Premium Security Suite 10.0.0.536 VULNERABLE
- BitDefender Total Security 2010 13.0.20.347 VULNERABLE
- Blink Professional 4.6.1 VULNERABLE
- CA Internet Security Suite Plus 2010 6.0.0.272 VULNERABLE
- Comodo Internet Security Free 4.0.138377.779 VULNERABLE
- DefenseWall Personal Firewall 3.00 VULNERABLE
- Dr.Web Security Space Pro 6.0.0.03100 VULNERABLE
- ESET Smart Security 4.2.35.3 VULNERABLE
- F-Secure Internet Security 2010 10.00 build 246 VULNERABLE
- G DATA TotalCare 2010 VULNERABLE
- Kaspersky Internet Security 2010 9.0.0.736 VULNERABLE
- KingSoft Personal Firewall 9 Plus 2009.05.07.70 VULNERABLE
- Malware Defender 2.6.0 VULNERABLE
- McAfee Total Protection 2010 10.0.580 VULNERABLE
- Norman Security Suite PRO 8.0 VULNERABLE
- Norton Internet Security 2010 17.5.0.127 VULNERABLE
- Online Armor Premium 4.0.0.35 VULNERABLE
- Online Solutions Security Suite 1.5.14905.0 VULNERABLE
- Outpost Security Suite Pro 6.7.3.3063.452.0726 VULNERABLE
- Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION VULNERABLE
- Panda Internet Security 2010 15.01.00 VULNERABLE
- PC Tools Firewall Plus 6.0.0.88 VULNERABLE
- PrivateFirewall 7.0.20.37 VULNERABLE
- Security Shield 2010 13.0.16.313 VULNERABLE
- Sophos Endpoint Security and Control 9.0.5 VULNERABLE
- ThreatFire 4.7.0.17 VULNERABLE
- Trend Micro Internet Security Pro 2010 17.50.1647.0000 VULNERABLE
- Vba32 Personal 3.12.12.4 VULNERABLE
- VIPRE Antivirus Premium 4.0.3272 VULNERABLE
- VirusBuster Internet Security Suite 3.2 VULNERABLE
- Webroot Internet Security Essentials 6.1.0.145 VULNERABLE
- ZoneAlarm Extreme Security 9.1.507.000 VULNERABLE


