All the best in the upcoming “Cyber” year 7DC (will it be a lucky year ? ) I hope so. After all its gonna be the year of the dragon – and yes it represents luck in Chinese astrology.
THE WATER DRAGON 1952 AND 2012
Water has a calming effect on the Dragon’s fearless temperament. Water allows the Dragon to re-direct its enthusiasm, and makes him more perceptive of others. These Dragons are better equipped to take a step back to re-evaluate a situation because they understand the art of patience and do not desire the spotlight like other Dragons. Therefore, they make smart decisions and are able to see eye-to-eye with other people. However, their actions can go wrong if they do not research or if they do not finish one project before starting another.
I have cooked up something for the last days of 2011, more information on this subject will be released later.
The something is Kaspersky Anti-Virus 2012 and Kaspersky Internet Security 2012 Bypass and remote removal from memory. Kaspersky AV is notorious in how difficult it is to unload using various techniques. So big deal if we can generate a FUD payload to get by the heuristics, what about actually killing the AV and have total control of the target system ? It is hard sure, but not impossible. I do not wish to undermine the great job the programmers at Kaspersky Labs are doing. They are great and I wish them best of luck in the 2012, they will need it.
OK, so we will do 2 test runs. First against Kaspersky Internet Security 2012 and second against Kaspersky Anti-Virus 2012. Lets get to the demonstration:
We will need to call Victor the Cleaner to clean Kaspersky
Metasploit vs. Kaspersky Anti-Virus 2012 (Almost silent AV kill, just a notification before it was dead as you can see in the video)
Metasploit vs. Kaspersky Internet Security 2012 (Silent and deadly like Victor from Brutal Nikita as you can see in the video)
So to sum up the conclusions : AVP.exe is killable, and we can almost silently disable the AV protection. The strike against the AV survives a reboot so the target is left unprotected. Happy New Year 2012 to all again, especially Kaspersky Labs guys – they are great and deserve respect for the job they do. Lets see how lucky we will get next time :)