WiseVector Free AI Driven Security
<blockquote data-quote="WiseVector" data-source="post: 958186" data-attributes="member: 76851"><p>It is worth noting that this type of attack is a bit tricky; we've never seen this kind of attack in the wild. For attackers to successfully complete an attack, they must progress through three stages.</p><p></p><p>1. Install WSL</p><p>2. Install a Linux system</p><p>3. Install Wine</p><p></p><p>These steps are involved and cumbersome, so attackers often use other, simpler ways to bypass AV, but it should be noted that WSL's security is poor: programs running in WSL can access and change files on the physical machine, rather than running in a VM, which is very perplexing.</p><p></p><p>We have added a feature to WVSX (3.0 or above) to alert users whenever a program tries to enable WSL, which allows the user to be aware of such attacks in the first place.</p><p></p><p>[ATTACH=full]260676[/ATTACH]</p><p></p><p></p><p>The ransomware shown in the test (<a href="http://www.youtube.com/watch?v=fwEQFMbHIV8" target="_blank">www.youtube.com/watch?v=fwEQFMbHIV8</a>) is not real ransomware. The test below shows that WVSX can also block real ransomware when we executed it via Wine in WSL. The ransomware in our test is lockis; we also tried other ransomware and they were all blocked.</p><p></p><p>[ATTACH=full]260677[/ATTACH]</p><p></p><p>Malicious programs executed in WSL can also be intercepted by WVSX's behavior monitoring on the physical machine, such as injection, persistence, etc.</p><p></p><p>If the user is using WVSX 3.0 or higher, they can also write custom rules to restrict read access to their important files to trusted programs only, which can prevent backdoor programs executed in WSL from stealing their files.</p></blockquote><p></p>
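The post above describes two things a defender can key on: the attacker has to enable WSL before anything else, and the Wine-in-WSL step still shows up on the Windows side as a `wsl.exe` launch whose command line names `wine` and a PE. The following is an added example (not WiseVector's code and not how WVSX implements its alert): a small rule set run over constructed Sysmon-style process-creation records (Image, CommandLine, ParentImage). The record layout, the rule names (`wsl_enable`, `wine_in_wsl`, `host_fs_via_wsl`) and the sample command lines are assumptions made for the example; the feature names, `wsl --install`, the DISM and `Enable-WindowsOptionalFeature` switches, and the `/mnt/<drive>` mount path are real.

```python
"""Flag the WSL + Wine evasion chain in process-creation telemetry.

Added example, not WiseVector's or WVSX's code. The events below are
constructed, Sysmon-like records so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # its command line, as logged
    parent_image: str   # full path of the parent process


# Stage 1: something turns the WSL feature on. All three forms below are
# legitimate ways to enable WSL on Windows 10/11; the post's point is that a
# program doing this on a user's box should at least raise an alert.
ENABLE_PATTERNS = [
    re.compile(r"\bwsl(\.exe)?\s+--install\b", re.I),
    re.compile(r"\bdism(\.exe)?\b.*?/enable-feature\b.*?"
               r"/featurename:(microsoft-windows-subsystem-linux|virtualmachineplatform)", re.I),
    re.compile(r"enable-windowsoptionalfeature\b.*?"
               r"(microsoft-windows-subsystem-linux|virtualmachineplatform)", re.I),
]

# Stage 3: wsl.exe used as a launcher for Wine with a PE argument.
WINE_PE = re.compile(r"\bwine(64)?\s+\S+\.exe\b", re.I)

# Host file access from inside the distro: Windows drives are exposed at /mnt/<letter>/.
# Low-confidence on its own (people copy files this way), useful in combination.
HOST_MOUNT = re.compile(r"/mnt/[a-z]/", re.I)


def evaluate(ev: ProcEvent) -> List[str]:
    """Return the list of rule names the event matches (empty if benign)."""
    hits: List[str] = []
    if any(p.search(ev.command_line) for p in ENABLE_PATTERNS):
        hits.append("wsl_enable")
    is_wsl_launcher = ev.image.lower().endswith("wsl.exe")
    if is_wsl_launcher and WINE_PE.search(ev.command_line):
        hits.append("wine_in_wsl")
    if is_wsl_launcher and HOST_MOUNT.search(ev.command_line):
        hits.append("host_fs_via_wsl")
    return hits


def triage(events: List[ProcEvent]) -> List[Tuple[List[str], str]]:
    """Keep only events that matched at least one rule, with their rule names."""
    out = []
    for ev in events:
        hits = evaluate(ev)
        if hits:
            out.append((hits, ev.command_line))
    return out


# Constructed sample telemetry (assumption: not captured from any real incident).
SYS32 = r"C:\Windows\System32"
SAMPLE_EVENTS = [
    ProcEvent(SYS32 + r"\dism.exe",
              "dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart",
              SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile -Command Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -NoRestart",
              SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\wsl.exe", "wsl.exe --install -d Ubuntu", SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\wsl.exe",
              "wsl.exe -e wine /mnt/c/Users/victim/Downloads/update.exe",
              SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\wsl.exe", "wsl.exe -d Ubuntu -- wine64 ~/payload.exe", SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\wsl.exe", "wsl.exe -d Ubuntu -- ls -la /home/dev", SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\dism.exe", "dism.exe /online /get-features /format:table", SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\wsl.exe",
              "wsl.exe -d Ubuntu -- cp /mnt/c/Users/victim/Documents/report.docx /tmp/",
              SYS32 + r"\explorer.exe"),
]


if __name__ == "__main__":
    for hits, cmd in triage(SAMPLE_EVENTS):
        print(", ".join(hits).ljust(28), cmd)
```

Two limitations to keep in mind when adapting this: once the distro is running, processes inside WSL 2 are not Windows processes and never appear in Windows process-creation telemetry, so the `wine_in_wsl` and `host_fs_via_wsl` rules only see what was passed on the `wsl.exe` command line; an attacker who opens an interactive shell and types `wine` from there is invisible to them. That is exactly why the post's file-level control (restricting read access to important files to trusted programs, which the WSL-side process is not) is the more robust layer, and why the `wsl_enable` alert matters: it fires before any of the later stages exist.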