If you think viruses have been the toughest enemies on the net, think again! Oh well, they actually are! 😀
Anyway, the new serial killer these days is malicious software that steals your information on the web. Matousec researchers outlined how attackers could abuse kernel driver hooks to exploit the system.
The discovered tactic, known as the “argument-switch attack,” shows how benign code is swapped for malicious code at the moment the security software gives its ‘go’ signal, and the malicious code then executes immediately.
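The check-then-use window behind this swap, as an added illustration that is not from Matousec or this post: a constructed C model of a hook that validates a call argument while it still sits in caller-controlled memory (flawed), beside a hook that validates a private copy and passes only that copy on (hardened). The policy, path names and function names are hypothetical; no real Windows API is used.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the hook pattern the attack abuses (no real Windows API,
 * not Matousec's code): the hook checks an argument that still lives in memory
 * the calling process controls, then the original call reads it a second time.
 * A second thread of the caller can rewrite it in between. */
typedef struct { char path[64]; } call_args_t;   /* caller-controlled memory */
/* Models what a second thread of the caller does between check and use. */
typedef void (*between_check_and_use_fn)(call_args_t *args);
/* Hypothetical policy: only paths under one directory may be opened. */
static int path_allowed(const char *path) {
    static const char prefix[] = "C:\\allowed\\";
    return strncmp(path, prefix, sizeof prefix - 1) == 0;
}
/* Flawed pattern: validate in place, then let the original call re-read the
 * argument. Returns -1 if blocked at check time, otherwise whether the path
 * actually used still satisfies the policy (0 means the check was bypassed). */
int flawed_hook(call_args_t *a, between_check_and_use_fn other, char *used, size_t n) {
    if (!path_allowed(a->path)) return -1;
    other(a);                              /* the check-to-use window */
    snprintf(used, n, "%s", a->path);      /* original call fetches again */
    return path_allowed(used);
}

/* Hardened pattern: fetch once into memory the caller cannot reach, validate
 * the copy, and hand only the copy to the original call. */
int hardened_hook(call_args_t *a, between_check_and_use_fn other, char *used, size_t n) {
    call_args_t snapshot = *a;             /* single fetch */
    if (!path_allowed(snapshot.path)) return -1;
    other(a);                              /* same window, now harmless */
    snprintf(used, n, "%s", snapshot.path);
    return path_allowed(used);
}

/* Constructed concurrent rewrite used by the demo. */
void rewrite_argument(call_args_t *a) {
    snprintf(a->path, sizeof a->path, "%s", "C:\\elsewhere\\target.dat");
}

/* Demo driver: start from an allowed path, run one hook with the rewrite in the
 * window, return the verdict and remember the path the original call saw. */
static char last_used[64];
int demo(int use_hardened) {
    call_args_t a;
    snprintf(a.path, sizeof a.path, "%s", "C:\\allowed\\report.txt");
    return use_hardened ? hardened_hook(&a, rewrite_argument, last_used, sizeof last_used)
                        : flawed_hook(&a, rewrite_argument, last_used, sizeof last_used);
}
const char *last_used_path(void) { return last_used; }
```

`demo(0)` returns 0 with the rewritten path in `last_used_path()`, showing the flawed hook approved one value and the original call used another; `demo(1)` returns 1 with the approved path intact.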
As this issue has become very alarming for internet security, many thoughts and opinions have sprung up. Quoting Alfred Huger, vice president of engineering at Immunet:
“This is definitely very serious…Probably any security product running on Windows XP can be exploited this way.”
He added that Immunet’s desktop client is not susceptible to the switch attacks, as its software hooks into the Windows kernel by a different method.
The argument-switch tactic is alarming because almost three dozen Windows desktop security products, including those from Symantec, McAfee, Trend Micro, BitDefender, and Sophos, to mention a few, can be abused by this attack. F-Secure’s chief research officer agreed: “It’s a serious issue and Matousec’s technical findings are correct.”
Some antivirus companies downplayed the threat. McAfee believes this is not a simple attack but a complicated one that requires prior access; Kaspersky, on the other hand, says it does not rely on hooks alone, as it also has technology to secure kernel mode and to sandbox.
Windows Vista SP1 in 2008 brought in APIs
Even though Windows boasts PatchGuard, the scare continues: the attack works against all user-mode hooks, and also against kernel-mode hooks wherever they are installed, for example after PatchGuard has been disabled.
An attacker must already have dropped malware onto the target machine before the argument-switch strategy can be used. Even so, further analysis noted that this does not make systems safe against argument-switch attempts; it only means the hackers would still have to install malware first.