Researchers recently found that, by abusing the kernel's SSDT (System Service Descriptor Table), it is possible to bypass or disable antivirus and security software on desktop PCs. This means new attacks on desktop PCs are anticipated shortly.
The researchers demonstrated an attack pattern called the argument-switch attack, which shows that common implementations of kernel-mode hooks are not secure. This attack represents a serious threat because many security software vendors base their security features on hooking. We tested the most widely used security applications and found that all of them are vulnerable.
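The check-then-use window that the argument-switch attack exploits, shown as a user-mode C simulation of a hooked system service (an added example, not code from the original post or from the researchers): the vulnerable hook validates the caller's buffer in place and then lets the original service re-read it, while the hardened hook captures the argument into memory the caller cannot modify, validates the copy and passes only the copy onward. The race is simulated deterministically through a `switch_to` parameter instead of a real second thread, and the path names and the `\protected\` prefix policy are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define PATH_MAX_SIM 64

/* Constructed stand-in for the original (unhooked) service: records the path it acted on. */
static char last_opened[PATH_MAX_SIM];
static int original_open(const char *path) {
    strncpy(last_opened, path, PATH_MAX_SIM - 1);
    last_opened[PATH_MAX_SIM - 1] = '\0';
    return 1;                                   /* 1 = access granted */
}
const char *last_opened_path(void) { return last_opened; }
/* Constructed policy: the security hook must deny anything under \protected\ . */
static int policy_allows(const char *path) { return strncmp(path, "\\protected\\", 11) != 0; }
/* Deterministic stand-in for a second user thread rewriting the argument buffer
 * while the first thread is still inside the system call. */
static void concurrent_switch(char *user_path, const char *new_path) {
    strncpy(user_path, new_path, PATH_MAX_SIM - 1);
    user_path[PATH_MAX_SIM - 1] = '\0';
}
/* Vulnerable hook: validates the caller's buffer in place, then hands the same pointer
 * to the original service, which re-reads it after the check (time-of-check/time-of-use).
 * switch_to != NULL simulates the argument being switched inside that window. */
int hooked_open_vulnerable(char *user_path, const char *switch_to) {
    if (!policy_allows(user_path)) return -1;               /* check */
    if (switch_to) concurrent_switch(user_path, switch_to); /* race window */
    return original_open(user_path);                        /* use: re-reads user memory */
}
/* Hardened hook: capture the argument into memory the caller cannot touch,
 * validate the copy, and pass only that copy to the original service. */
int hooked_open_hardened(char *user_path, const char *switch_to) {
    char captured[PATH_MAX_SIM];
    strncpy(captured, user_path, PATH_MAX_SIM - 1);
    captured[PATH_MAX_SIM - 1] = '\0';                      /* capture once */
    if (!policy_allows(captured)) return -1;                /* check the copy */
    if (switch_to) concurrent_switch(user_path, switch_to); /* switch is now harmless */
    return original_open(captured);                         /* use the same copy */
}

int main(void) {
    char path[PATH_MAX_SIM] = "\\tmp\\ok";
    hooked_open_vulnerable(path, "\\protected\\secret");
    printf("vulnerable hook: service opened %s\n", last_opened_path());
    strcpy(path, "\\tmp\\ok");
    hooked_open_hardened(path, "\\protected\\secret");
    printf("hardened hook:   service opened %s\n", last_opened_path());
    return 0;
}
```

In a real driver the capture step is the same idea: copy (and probe) the user-supplied arguments into kernel-owned memory before any validation, and never let the original service see the user pointer again.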
The following well-known antivirus products are among the VULNERABLE security software:
avast! Internet Security 5.0.462
AVG Internet Security 9.0.791
CA Internet Security Suite Plus 2010 126.96.36.1992
ESET Smart Security 188.8.131.52
F-Secure Internet Security 2010 10.00 build 246
Kaspersky Internet Security 2010 184.108.40.2066
McAfee Total Protection 2010 10.0.580
Norman Security Suite PRO 8.0
Norton Internet Security 2010 220.127.116.11
Panda Internet Security 2010 15.01.00
Sophos Endpoint Security and Control 9.0.5
Trend Micro Internet Security Pro 2010 17.50.1647.0000
ZoneAlarm Extreme Security 9.1.507.000
The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware. However, it is valid for all Windows versions, including Windows 7, and even the 64-bit platform is not a limitation for the attack.
Make sure that your antivirus software is able to handle this new threat!