An Interest In:
Web News this Week
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
- March 16, 2024
- March 15, 2024
- March 14, 2024
October 1, 2017 06:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5FQz1FNKTq0/new-illusion-gap-attack-bypasses-windows-defender-scans
New 'Illusion Gap' Attack Bypasses Windows Defender Scans
An anonymous reader writes: Security researchers have discovered a new technique that allows malware to bypass Windows Defender, the standard security software that comes included with all Windows operating systems. The technique -- nicknamed Illusion Gap -- relies on a mixture of both social engineering and the use of a rogue SMB server. The attack exploits a design choice in how Windows Defender scans files stored on an SMB share before execution. For Illusion Gap to work, the attacker must convince a user to execute a file hosted on a malicious SMB server under his control. This is not as complex as it sounds, as a simple shortcut file is all that's needed. The problems occur after the user double-clicks this malicious file. By default, Windows will request from the SMB server a copy of the file for the task of creating the process that executes the file, while Windows Defender will request a copy of the file in order to scan it. SMB servers can distinguish between these two requests, and this is a problem because an attacker can configure their malicious SMB server to respond with two different files. The attacker can send a malicious file to the Windows PE Loader, and a benign file to Windows Defender. After Windows Defender scans the clean file and gives the go-ahead, Windows PE Loader will execute the malicious file without Windows Defender realizing they're two different things. Microsoft declined to patch the bug, considering it a "feature request."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5FQz1FNKTq0/new-illusion-gap-attack-bypasses-windows-defender-scans
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot