Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
locked padlock set against background of code

Market-leading security products broken by Doppelganging attack

Posted on December 9, 2017December 9, 2017 By Davey Winder

New process memory attack methodology not only defeats market-leading security products but will also breathe new life into old threats

By subtly changing how executable files such as an email attachment or a web download interact with disk memory, the researchers were able to succeed where older ‘process hollowing’ attacks had long since failed; bypassing detection by such products as AVG Internet Security, Bitdefender, ESET NOD 32 and Windows Defender under Windows 10. What’s more, Avast and Panda were both left in the dark under Windows 8.1, and when it came to Windows 7.1 SP1 machines Kaspersky Antivirus 18 and Endpoint Security 10, McAfee VSE 8.8 Patch 6 and Symantec Endpoint Protection were also bypassed. Just to add more urgency into the threatscape, these process doppelgänging attacks have also proved to be invisible as far as investigative recording and forensic tools such as Volatility are concerned.

Click here to read complete article

Threat Intelligence Tags:Black Hat Europe, Hacking, News, Research

Post navigation

Previous Post: Ransomware: To Pay or Not To Pay?
Next Post: Microsoft launches privilege escalation attack on itself with Office 365

Related Articles

New iPhone Security Warning As Malicious Lockdown Mode Trick Revealed Apple
Samsung Confirms Hackers Compromised Customer Data Starting July 2019 Hacking
New Critical Security Warning For iPhone, iPad, Watch, Mac—Attacks Underway Analysis
New Emergency Chrome Security Update After Critical iOS 16.6.1 Release Analysis
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits Infosecurity
Stolen Reddit Data To Be Published Unless API Changes Dropped, Hackers Say Cybercrime

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government Hackers Hacking Health healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Twitter Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2025 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy