How to disable WFP using physical disk information

2008-02-01

Ha Young Yang

AhnLab, Korea

Editor: Helen Martin

Abstract

Recently, a threat has appeared which obtains a file’s physical disk location information with the aid of the Windows system APIs, then proceeds to infect the corresponding system file. Ha Young Yang describes exactly how physical disk information is being used to disable Windows file protection.

Copyright © 2008 Virus Bulletin

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

PDF

Please register to download the PDF

Comment

Malware vs. anti-malware: (how) can we still survive?

News

Malware prevalence report

December 2007

Virus analyses

Crimea river
How to disable WFP using physical disk information

Feature

Assessment war: Windows services

Call for papers

VB2008 Ottawa

VB100 comparative review

VB comparative review: Windows Server 2003

Calendar

Anti-malware industry events

Spam Bulletin

See also

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

Jobs Recruit Sidebar

VB2010

VB2010

VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.

Virus Bulletin currently has 190,992 registered users.