[Full-disclosure] "Zero-day catcher" for Windows available for sell

From: Zero-day catcher team <zerodaycatcher_at_nospam>
Date: Fri Sep 12 2008 - 06:59:42 GMT
To: full-disclosure@lists.grok.org.uk

Known buffer overflow prevention methods, Anti-Virus methods (including heuristic and signature methods),
HIPS methods, Anti-rootkit methods can be more or less easily bypassed (description of the methods of
bypassing exceeds the scope of this info). Main principles of "Zero-day catcher":

any malware (including trojans, viruses and worms, protected by anti-heuristis methods)uses direct reading of PE headers of at least one module for EAT/IAT/sections;
any AV software (including heuristic and signature ways) can be bypassed easily, AV methods are effective ONLY for known vectors of attack and signatures;
any HIPS software (based on heuristic and r0/r3 API hooks) can be bypassed by in-depth inline hooks;
any rootkit (including installed hooks) changes a control flow of legal threads;
any thread (including changed by rootkit) can not permanently and directly control hardware timer behaviour (in context of interruption control of its execution);
any rootkit can not control DRAM, disabled by chipset MTRR as SMRAM;
any rootkit can not change SMRAM_LOCK register behaviour (WRITE_ONCE chipset future);
any anti-rootkit methods (including r0/r3 API hooking and heuristic scan of memory) can be bypassed by early loaded rootkit;

There are three versions of "Zero-day catcher": - SMM version (include hardware part and software part) - for rootkit acquiring and prevention (including virtualization rootkits) - kernel mode version (software part only) - for rootkit acquiring and prevention (excluding virtualization rootkits) - user mode version (software part only) - for userland malware only (exploit-bot-worm-virus catcher)

"Zero-day catcher" could be usefull for:

zero-day threats detection and analyzing automation;
acquiring exception environment;
detection of undetectable (by heuristic and signature) malware in any form;
discovering of any vectors of malicious attack (browsers, mail clients, etc) by corresponding plugins;
prevention of all kinds of known and unknown attacks (implementation of critical importance systems)

There are no demo or trial version, "Zero-day catcher" targeted for professionals only.
Questions and request for prices: zerodaycatcher@gmail.com <mailto:zerodaycatcher@gmail.com>

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Secunia Research: "[Full-disclosure] Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow"
Previous message: security_at_nospam: "[Full-disclosure] [ MDVSA-2008:192 ] libxml2"
Next in thread: Probably Shadowgamers: "Re: [Full-disclosure] "Zero-day catcher" for Windows available for sell"
Reply: Probably Shadowgamers: "Re: [Full-disclosure] "Zero-day catcher" for Windows available for sell"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]