Topic: Killed cfp.exe demonstration video by mj0011 (Read 4429 times)

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #15 on: November 03, 2009, 09:08:48 PM »

Not that I think anyone here thinks so, but if anyone in here is thinking this video "must" be real.. Take a look at this as well:



Melih is at the White House.. And they have the CFP logo there now.. as you can see with your own eyes..

And what is this: http://www.youtube.com/watch?v=Sr4n7nnu7q8 T. REX are alive again, in a park near you!

The point is, believing someone who refuses to provide some kind of evidence is just stupid.. =) This guy could so easily provide his PoC but chose not to..  Roll Eyes Roll Eyes

3DNow
Newbie
Posts: 18
« Reply #16 on: November 03, 2009, 09:10:00 PM »

haha you can doubt this video, and i will never give u the PoC and your useless protection are still been bypassed. for i have nothing bad. when someday u see the real attack by malware author, u will see how they turn water to gold Evil

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #17 on: November 03, 2009, 09:33:18 PM »

> haha you can doubt this video, and i will never give u the PoC and your useless protection are still been bypassed. for i have nothing bad. when someday u see the real attack by malware author, u will see how they turn water to gold Evil

Why would you do that..  If you spread it to the public then we will end up getting hold of your PoC probably sooner or later..  Kiss And if you plan on infecting a lot of users you will need to use some sort of product flaw probably as well.. And CIS is quite capable at preventing many infections that way.. and your malware can't just be aimed at killing CIS.. What are you planning? Making a huge botnet? stealing passwords?  Roll Eyes Wink And what about the users that use other products....?? Oh and I guess you are going to make your file so badass that it survives a format (not unusual for people to do when infected..)..

Anyhow if you are the creator of this video (I don't think you are, but well) have you tested this PoC against something else than CIS? (to be honest I haven't watched the video..)  Grin Anyhow, CIS is the product that passes all HIPS/firewall tests on matousec.. (unlike the others) and the product probably intercepts more stuff than most suites out there.. So I am sure you could poke a hole in some other suites as well.. That's usually what happens when something new "pops up".. But yeah, sure it's possible that you could have found a flaw.. No offense but without a PoC you're just a troll..

OmeletGuy
Good gamer, Omelet Chef, Rogue AV hater!
Global Moderator, Comodo's Hero
Posts: 1703
The only thing i ask for are eggs.
« Reply #18 on: November 03, 2009, 09:38:23 PM »

Send it to me over a PM.. I will send it to Comodo, if you don't want it public.

Happy New Year and Holidays
Please follow forum policy. Thank you.

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #19 on: November 03, 2009, 09:40:36 PM »

> Send it to me over a PM.. I will send it to Comodo, if you don't want it public.

The guy is going to take over the Internet with this flaw, he is the Bill Gates of hackers.. Just wait, he has no intention to share it..  Roll Eyes Grin

ssj100
Comodo's Hero
Posts: 242
« Reply #20 on: November 04, 2009, 06:48:10 AM »

I believe there probably is a POC that can bypass CIS (perhaps more than one).  Apparently there are at least 3 POCs (from the same guy?) that can bypass Malware Defender's protection - I think the creator of Malware Defender ("Xiaolin") has been spending the last few days trying to patch these vulnerabilities:

Here, he fixes the first POC bypass:
http://www.wilderssecurity.com/showpost.php?p=1566408&postcount=27

And here, the second:
http://www.wilderssecurity.com/showpost.php?p=1566522&postcount=31

And in this post, he admits he is trying to fix the third POC bypass and has resigned to the fact that Malware Defender will need to be re-designed:
http://www.wilderssecurity.com/showpost.php?p=1568038&postcount=56

I don't know about you guys, but this sounds like pretty big stuff.  Malware Defender is arguably the best classical HIPS out there.

Sandboxie + LUA + KAfU + SRP + DEP + SuRun
Windows Firewall + NAT Router
Avira AntiVir Personal (on-demand)
VirtualBox (on-demand)

evil_religion
Malware Research Group, Comodo's Hero
Posts: 344
« Reply #21 on: November 04, 2009, 07:08:34 AM »

> haha you can doubt this video, and i will never give u the PoC and your useless protection are still been bypassed.

You only killed the cfp.exe process. What about the cmdagent.exe? And even if you killed both you still didn't bypass protection because all unknown requests are blocked.

It's just untransparent trolling what you are doing. If you don't want to appear like a criminal loser with some psychic problems you should share the POC...

dkmc
Newbie
Posts: 14
« Reply #22 on: November 04, 2009, 12:00:36 PM »

Monkey boy, [* cut *]

> It's just untransparent trolling what you are doing. If you don't want to appear like a criminal loser with some psychic problems you should share the POC...

If you do not want to appear like vulgar loudmouthed creature then....think yourself.
« Last Edit: November 06, 2009, 09:10:42 AM by dkmc »

Be polite. Be professional. But, have a plan to kill everyone you meet.
[ from USMC Rules for Gunfighting ]

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #23 on: November 04, 2009, 12:48:46 PM »

[Post removed..]
« Last Edit: November 06, 2009, 02:51:30 PM by Monkey_Boy=) »

OmeletGuy
Good gamer, Omelet Chef, Rogue AV hater!
Global Moderator, Comodo's Hero
Posts: 1703
The only thing i ask for are eggs.
« Reply #24 on: November 04, 2009, 12:52:54 PM »

Monkey_Boy & dkmc stop fighting with each other please.  Police

Happy New Year and Holidays
Please follow forum policy. Thank you.

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #25 on: November 04, 2009, 01:40:02 PM »

[Post removed..]
« Last Edit: November 06, 2009, 02:51:52 PM by Monkey_Boy=) »

Dennis2
Global Moderator, Comodo's Hero
Posts: 2267
« Reply #26 on: November 04, 2009, 02:05:26 PM »

Please read the Forum Policy before anyone posts in this topic again.

Thank you
Dennis

Forum Policy

§8. Unacceptable behaviours

Moderator: Aims to keep the forum a friendly place. Any concerns? Please PM me and/or review the NEW forum policy.
System: Windows 7 (UAC)x32, CIS 3.13,Sandboxie 3.40
Vista Home P. (UAC)x32 SP2, CIS 3.13, W.D.

dkmc
Newbie
Posts: 14
« Reply #27 on: November 04, 2009, 02:27:42 PM »

> If he thinks I am wrong somewhere then I would appreciate if he explain where and about what so I know..

I doubt that you're serious about that.
Anyway: Re-read thread slowly and thoroughly and pay attention to your comments. Simple as that.

Be polite. Be professional. But, have a plan to kill everyone you meet.
[ from USMC Rules for Gunfighting ]

commanding the celsius
Product Translator, Comodo's Hero
Posts: 1285
« Reply #28 on: November 04, 2009, 03:00:05 PM »

> I doubt that you're serious about that.
> Anyway: Re-read thread slowly and thoroughly and pay attention to your comments. Simple as that.

Explain yourself or just cut it.. My comments are about how easy it is to fake a crash, and that this video has very little credibility, I know for a fact that I can "crash" CIS using the task manager if I tamper a bit with it..

I did watch the video now however.. Isn't it a bit "questionable" how even prior to this guy doing his attack CIS is not showing the usual "all okay" under system status..?

ssj100
Comodo's Hero
Posts: 242
« Reply #29 on: November 04, 2009, 03:36:02 PM »

> I doubt that you're serious about that.
> Anyway: Re-read thread slowly and thoroughly and pay attention to your comments. Simple as that.

I don't see what the big deal is.  I'm sure there are several ways of bypassing classical HIPS, whether it be Defense+ or Malware Defender, if the malicious file is allowed to be executed on the REAL system.  This is why it's so important to implement another layer of protection - virtualisation.  I use Sandboxie myself.

Regardless, it's unlikely CIS users will ever get infected if they handle Defense+ properly.  Sure, there are theoretical bypasses, but how likely are real people going to face them in real life?

Sandboxie + LUA + KAfU + SRP + DEP + SuRun
Windows Firewall + NAT Router
Avira AntiVir Personal (on-demand)
VirtualBox (on-demand)