Solved Nasty New Malware


glasskuter

aka Mama Glass
Guru
VIP
Local time
9:31 AM
Posts
7,135
Location
The Lone Star State of Texas
OS
Windows 11 Pro 23H2 22631.3737

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External +512gb Samsung m.2 sata+1tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Pretty clever. Using an old vulnerable avast driver as well as IObitUnlockers.sys unlocker.

I do wonder if UAC being set at its highest level would prevent this attack + windows defender tamper protection. And if the default powershell protections would prevent it from running. Would a user specifically need to allow anything for it to work......

Would like to find it to test with....

This has more info which I am still reading through


Microsoft created the Vulnerable Driver Blocklist to stop admins from tampering with the kernel, but they've done nothing about an admin-to-kernel exploit chain that was reported over 11 months ago. By removing the vulnerable driver requirement from EDRSandBlast via GodFault, I hope to prove that admin-to-kernel exploits can be just as dangerous as vulnerable drivers and that MSRC needs to take them seriously. Given Windows 11's goal of default security and the fact that the Vulnerable Driver Blocklist is now enabled by default, MSRC needs to reconsider its policy of indifference towards PPL and kernel exploits.

Yeah.....I agree
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell G15 5525
    CPU
    Ryzen 7 6800H
    Memory
    32 GB DDR5 4800mhz
    Graphics Card(s)
    RTX 3050 4GB Vram
    Screen Resolution
    1920 x 1080
    Hard Drives
    2TB Solidigm™ P41 Plus nvme
    Internet Speed
    800mbps down, 20 up
  • Operating System
    Windows 11
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo ideapad flex 14API 2 in 1
    CPU
    Ryzen 5 3500u
    Motherboard
    LENOVO LNVNB161216 (FP5)
    Memory
    12GB DDR4
    Graphics card(s)
    AMD Radeon Vega 8 Graphics
    Hard Drives
    256 GB Samsung ssd nvme

Latest Support Threads

Back
Top Bottom