New process memory attack methodology not only defeats market-leading security products but will also breathe new life into old threats
By subtly changing how executable files such as an email attachment or a web download interact with disk and memory, the researchers were able to succeed where older ‘process hollowing’ attacks had long since failed, bypassing detection by such products as AVG Internet Security, Bitdefender, ESET NOD32 and Windows Defender under Windows 10. What’s more, Avast and Panda were both left in the dark under Windows 8.1, and on Windows 7.1 SP1 machines Kaspersky Antivirus 18 and Endpoint Security 10, McAfee VSE 8.8 Patch 6 and Symantec Endpoint Protection were also bypassed. To add more urgency to the threatscape, these process doppelgänging attacks have also proved to be invisible to investigative recording and forensic tools such as Volatility.