On Wed, 10-11-2010 at 19:59 +0000, Dan Kegel wrote:
> Presumably, though, under Wine you could detect the attempt to hook those things, and thereby detect the malware?
It's not that easy. For example, what if a rootkit tries to exploit a privilege escalation vulnerability in the kernel or any of the subsystems (i.e., win32k)? You may think it's something very uncommon, but it is not.
Or, what if the malware tries to install a driver? I can see that a driver was installed or that a call to LoadDriver/ZwLoadDriver was issued, but I can't get any other information.
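One reason a bare LoadDriver/ZwLoadDriver hook yields so little is that NtLoadDriver takes a registry service key path, not a file name; the driver image is only recoverable by joining the call trace with the registry state the sample wrote earlier in the same run. The script below is an added example, not code from this thread or from Wine: it replays a constructed API-call trace (the `TRACE` list, the `evil_svc` service name, the `drv.sys` path and the `BASELINE_SERVICES` snapshot are all invented for illustration) and resolves each driver load to its ImagePath, flagging services that did not exist before the run.

```python
"""Resolve NtLoadDriver/ZwLoadDriver calls in an emulated run to the driver image
they refer to. Added example; trace format and registry contents are constructed."""

# Constructed trace: (api, argument) pairs as an instrumented loader might log them.
# NtSetValueKey arguments are recorded as "<key path>\<value name>=<data>".
TRACE = [
    ("NtCreateKey", r"\Registry\Machine\System\CurrentControlSet\Services\evil_svc"),
    ("NtSetValueKey", r"\Registry\Machine\System\CurrentControlSet\Services\evil_svc\ImagePath=\??\C:\Windows\Temp\drv.sys"),
    ("NtSetValueKey", r"\Registry\Machine\System\CurrentControlSet\Services\evil_svc\Type=1"),
    ("NtLoadDriver", r"\Registry\Machine\System\CurrentControlSet\Services\evil_svc"),
    ("NtLoadDriver", r"\Registry\Machine\System\CurrentControlSet\Services\Beep"),
]

# Constructed registry snapshot: service keys that existed before the sample ran.
BASELINE_SERVICES = {
    r"\Registry\Machine\System\CurrentControlSet\Services\Beep": {
        "ImagePath": r"\SystemRoot\System32\drivers\beep.sys",
    },
}


def _parse_set_value(arg):
    """Split "<key path>\\<value name>=<data>" into (key, name, data)."""
    path, _, data = arg.partition("=")
    key, _, name = path.rpartition("\\")
    return key, name, data


def resolve_driver_loads(trace, baseline):
    """Replay the trace against the baseline registry and return one record per
    driver load: the service key, the ImagePath it resolves to (None if the key
    has no ImagePath), and whether the key was created during this run."""
    registry = {key: dict(values) for key, values in baseline.items()}
    loads = []
    for api, arg in trace:
        if api == "NtCreateKey":
            registry.setdefault(arg, {})
        elif api == "NtSetValueKey":
            key, name, data = _parse_set_value(arg)
            registry.setdefault(key, {})[name] = data
        elif api in ("NtLoadDriver", "ZwLoadDriver"):
            values = registry.get(arg, {})
            loads.append({
                "service_key": arg,
                "image_path": values.get("ImagePath"),
                "created_during_run": arg not in baseline,
            })
    return loads


if __name__ == "__main__":
    for record in resolve_driver_loads(TRACE, BASELINE_SERVICES):
        flag = "NEW SERVICE" if record["created_during_run"] else "pre-existing"
        print(f"{flag}: {record['service_key']} -> {record['image_path']}")
```

The join is what turns "a driver was loaded" into "this file, registered under this freshly created service key, was loaded", which is the information a hook on the load call alone cannot provide.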