Reply to thread

Message

I do not share this one. The video is already available, so Comodo users and staff are informed.
In the attack, the shortcut does not use scripting (Comodo would alert/contain the attack via Script Analysis). This method is not commonly known (can be dangerous).
I don't want to make any more fuss than necessary.

Here is the attack flow:
Malicious ISO download (contains a shortcut and some hidden files) ----> shortcut to TDSS Killer executed by the user -----> shortcut runs TDSS Killer with CmdLine to kill Comodo ----> No UAC alert because LUA is disabled ----> TDSS Killer installs the driver and restarts Windows ----> the driver kills Comodo

The attack is successful because it uses only Trusted resources.

<blockquote data-quote="Andy Ful" data-source="post: 1114580" data-attributes="member: 32260">I do not share this one. The video is already available, so Comodo users and staff are informed.In the attack, the shortcut does not use scripting (Comodo would alert/contain the attack via Script Analysis). This method is not commonly known (can be dangerous).I don&#039;t want to make any more fuss than necessary.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile&nbsp; &nbsp; :)" loading="lazy" data-shortname=":)" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up&nbsp; &nbsp; (y)" loading="lazy" data-shortname="(y)" />Here is the attack flow:Malicious ISO download (contains a shortcut and some hidden files) ----&gt; shortcut to TDSS Killer executed by the user -----&gt; shortcut runs TDSS Killer with CmdLine to kill Comodo ----&gt; No UAC alert because LUA is disabled ----&gt; TDSS Killer installs the driver and restarts Windows ----&gt; the driver kills ComodoThe attack is successful because it uses only Trusted resources.</blockquote>

[QUOTE="Andy Ful, post: 1114580, member: 32260"] I do not share this one. The video is already available, so Comodo users and staff are informed. In the attack, the shortcut does not use scripting (Comodo would alert/contain the attack via Script Analysis). This method is not commonly known (can be dangerous). I don't want to make any more fuss than necessary.:)(y) Here is the attack flow: Malicious ISO download (contains a shortcut and some hidden files) ----> shortcut to TDSS Killer executed by the user -----> shortcut runs TDSS Killer with CmdLine to kill Comodo ----> No UAC alert because LUA is disabled ----> TDSS Killer installs the driver and restarts Windows ----> the driver kills Comodo The attack is successful because it uses only Trusted resources. [/QUOTE]

Top