On Wed, Nov 10, 2010 at 8:38 PM, Joxean Koret <joxeankoret@yahoo.es> wrote:
> It's not that easy. For example, what if a rootkit tries to exploit a privilege escalation vulnerability in the kernel or any of the subsystems (i.e., win32k)? You may think it's something very uncommon, but it is not.
> I guess you may extend wine to detect those?
> Or, what if the malware tries to install a driver? I can see that a driver was installed or that a call to LoadDriver/ZwLoadDriver was issued, but I can't get any other information.
For the purposes of scanning websites to see if they are evil, that should suffice, shouldn't it? - Dan
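As an added illustration of the driver-install case discussed above (example code written for this page, not from either poster or from Wine): a user-mode API tracer like the one being described can see the ZwLoadDriver/NtLoadDriver call and the registry writes that precede it, so it can at least recover which service key was loaded and which .sys file it pointed at, even though it still cannot observe what the driver does once loaded. The trace format (one `Api(arg, ...)` line per hooked call) and the sample trace are constructed for this example and are assumptions, not real sandbox output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample trace in a hypothetical "Api(arg, arg, ...)" line format.
# Real hook logs will differ; only the correlation logic matters here.
SAMPLE_TRACE = r"""
RegCreateKeyExW(HKLM\SYSTEM\CurrentControlSet\Services\evilfs)
RegSetValueExW(HKLM\SYSTEM\CurrentControlSet\Services\evilfs, ImagePath, REG_EXPAND_SZ, "\??\C:\Users\victim\AppData\Local\Temp\evilfs.sys")
RegSetValueExW(HKLM\SYSTEM\CurrentControlSet\Services\evilfs, Type, REG_DWORD, 1)
CreateFileW("C:\Users\victim\AppData\Local\Temp\evilfs.sys", GENERIC_WRITE)
ZwLoadDriver("\Registry\Machine\System\CurrentControlSet\Services\evilfs")
CreateFileW("C:\Users\victim\Desktop\notes.txt", GENERIC_READ)
"""


@dataclass
class Call:
    api: str
    args: List[str]


@dataclass
class DriverLoad:
    loader: str                 # API that issued the load (ZwLoadDriver / NtLoadDriver)
    service: str                # service key name, lower-cased
    image_path: Optional[str]   # ImagePath recovered from earlier registry writes, if any
    kernel_driver: bool         # Type == 1 (SERVICE_KERNEL_DRIVER) was written for this service


_CALL_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")
# Pulls the service name out of either an HKLM\...\Services\<name> path or the
# native \Registry\Machine\...\Services\<name> form passed to ZwLoadDriver.
_SERVICES_RE = re.compile(r"services\\([^\\,\s]+)", re.IGNORECASE)


def _split_args(raw: str) -> List[str]:
    """Split a comma-separated argument list, keeping quoted strings whole and
    stripping the quotes."""
    args, cur, quoted = [], [], False
    for ch in raw:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return [a for a in args if a != ""]


def parse_trace(text: str) -> List[Call]:
    """Turn trace lines into Call records; lines that do not look like a call are ignored."""
    calls = []
    for line in text.splitlines():
        m = _CALL_RE.match(line)
        if m:
            calls.append(Call(m.group(1), _split_args(m.group(2))))
    return calls


def _service_of(path: str) -> Optional[str]:
    m = _SERVICES_RE.search(path)
    return m.group(1).lower() if m else None


def find_driver_loads(calls: List[Call]) -> List[DriverLoad]:
    """Correlate Services\\<name> registry writes with a later driver load so
    the verdict carries the image path, not just the fact that a load happened."""
    image_paths, kernel_types, found = {}, set(), []
    for c in calls:
        if c.api in ("RegSetValueExW", "RegSetValueExA", "NtSetValueKey") and len(c.args) >= 4:
            svc = _service_of(c.args[0])
            if svc is None:
                continue
            name, value = c.args[1].lower(), c.args[3]
            if name == "imagepath":
                image_paths[svc] = value
            elif name == "type" and value.strip() == "1":   # SERVICE_KERNEL_DRIVER
                kernel_types.add(svc)
        elif c.api in ("ZwLoadDriver", "NtLoadDriver") and c.args:
            svc = _service_of(c.args[0])
            found.append(DriverLoad(c.api, svc or c.args[0], image_paths.get(svc), svc in kernel_types))
    return found


if __name__ == "__main__":
    for load in find_driver_loads(parse_trace(SAMPLE_TRACE)):
        print(f"{load.loader}: service={load.service} kernel_driver={load.kernel_driver} "
              f"image={load.image_path}")
```

The correlation only works when the registry writes are visible to the same hooks as the load call; a sample that exploits a kernel or win32k bug instead of going through the documented driver path leaves no such trail in user-mode hooks, which is the limitation the thread is pointing at.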