Solved Nasty New Malware


glasskuter

aka Mama Glass
Pretty clever. Using an old vulnerable Avast driver as well as the IObitUnlockers.sys unlocker.

I do wonder if UAC being set at its highest level, plus Windows Defender tamper protection, would prevent this attack, and if the default PowerShell protections would prevent it from running. Would a user specifically need to allow anything for it to work?

I would like to find it to test with.

This has more info, which I am still reading through:


Microsoft created the Vulnerable Driver Blocklist to stop admins from tampering with the kernel, but they've done nothing about an admin-to-kernel exploit chain that was reported over 11 months ago. By removing the vulnerable driver requirement from EDRSandBlast via GodFault, I hope to prove that admin-to-kernel exploits can be just as dangerous as vulnerable drivers and that MSRC needs to take them seriously. Given Windows 11's goal of default security and the fact that the Vulnerable Driver Blocklist is now enabled by default, MSRC needs to reconsider its policy of indifference towards PPL and kernel exploits.

Yeah..... I agree.
 
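An added check, not from this thread and not from the GodFault or EDRSandBlast projects, for the settings the post asks about: the UAC level, Defender tamper protection, the Microsoft Vulnerable Driver Blocklist and HVCI, and whether any driver matching a name pattern is currently loaded. The driver patterns are an assumption: the post names IObitUnlockers.sys but gives no filename for the Avast driver, so pass your own patterns with -DriverPatterns. Run it from an elevated PowerShell prompt on Windows 10 or 11.

```powershell
# Added example (not from the thread or the GodFault/EDRSandBlast projects).
# Audits the mitigations discussed above and reports which ones are actually on.
#
# Assumption: the default driver pattern only covers the unlocker named in the
# post; the Avast driver's filename is not given there, so supply it yourself.
param(
    [string[]]$DriverPatterns = @('IObitUnlocker*')
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value absent: report as "not configured"
    }
}

$results = [ordered]@{}

# 1. UAC. "Always notify" (the highest slider position) is
#    ConsentPromptBehaviorAdmin=2 with the secure desktop on; EnableLUA=0 means
#    UAC is switched off entirely, whatever the other values say.
$uacPath    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua  = Get-RegValue $uacPath 'EnableLUA'
$consent    = Get-RegValue $uacPath 'ConsentPromptBehaviorAdmin'
$secureDesk = Get-RegValue $uacPath 'PromptOnSecureDesktop'
$results['UAC enabled']          = ($enableLua -eq 1)
$results['UAC at highest level'] = ($enableLua -eq 1 -and $consent -eq 2 -and $secureDesk -eq 1)

# 2. Defender tamper protection, read from the Defender module's status object.
try {
    $results['Defender tamper protection'] = (Get-MpComputerStatus -ErrorAction Stop).IsTamperProtected
} catch {
    $results['Defender tamper protection'] = $null   # Defender module unavailable
}

# 3. Vulnerable Driver Blocklist and HVCI. The blocklist is applied when the
#    CI\Config value is 1 or when HVCI is running (Win32_DeviceGuard reports
#    SecurityServicesRunning containing 2 for HVCI).
$ciPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$results['Vulnerable Driver Blocklist (registry)'] =
    (Get-RegValue $ciPath 'VulnerableDriverBlocklistEnable') -eq 1
try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    $results['HVCI running'] = ($dg.SecurityServicesRunning -contains 2)
} catch {
    $results['HVCI running'] = $null
}

# 4. Loaded drivers matching the patterns. A driver the blocklist refused to
#    load never appears here, so a hit means it was not blocked (or not listed).
$loaded = Get-CimInstance -ClassName Win32_SystemDriver |
          Where-Object { $_.State -eq 'Running' }
foreach ($pattern in $DriverPatterns) {
    $hits = $loaded | Where-Object {
        $_.Name -like $pattern -or $_.PathName -like "*$pattern"
    }
    $results["Loaded driver matching '$pattern'"] =
        @($hits | ForEach-Object { $_.PathName }) -join '; '
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-45} : {1}' -f $_.Key, $(if ($null -eq $_.Value) { 'unknown' } else { $_.Value })
}
```

The UAC and tamper-protection rows answer the first question in the post; the blocklist and HVCI rows only describe the vulnerable-driver path, which is the point the quoted README makes: once code already runs as admin and uses an admin-to-kernel exploit instead of a signed driver, the blocklist has nothing to block, and UAC is not a boundary that step crosses.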