How to disable WFP using physical disk information

2008-02-01

Ha Young Yang

AhnLab, Korea

Editor: Helen Martin

Abstract

Recently, a threat has appeared which obtains a file’s physical disk location information with the aid of the Windows system APIs, then proceeds to infect the corresponding system file. Ha Young Yang describes exactly how physical disk information is being used to disable Windows file protection.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	February 2008 PDF Please register to download the PDF Comment Malware vs. anti-malware: (how) can we still survive? News Anti-malware school More rogue Flash ads All in the name Malware prevalence report December 2007 Virus analyses Crimea river How to disable WFP using physical disk information Feature Assessment war: Windows services Call for papers VB2008 Ottawa VB100 comparative review VB comparative review: Windows Server 2003 Calendar Anti-malware industry events Spam Bulletin No taste for spam? Spammers and scammers in court Mortgage spam rockets Predictions about the prediction scam See also Virus Bulletin archives How to become a subscriber Reprints

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Virus Bulletin


	In this month's magazine: Living the meme If Svar is the answer... Static analysis of mobile malware And the devil is six: the security consequences of the switch to IPv6 Behind enemy lines: reporting from the CCC 28C3 Congress Subscribe now!

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

How to disable WFP using physical disk information

Ha Young Yang

PDF

Comment

News

Malware prevalence report

Virus analyses

Feature

Call for papers

VB100 comparative review

Calendar

Spam Bulletin

See also