Happy New Year 2012

All the best in the upcoming “Cyber” year  7DC  (will it be a lucky year ? ) I hope so. After all its gonna be the year of the  dragon – and yes it represents luck in Chinese astrology.


Water has a calming effect on the Dragon’s fearless temperament. Water allows the Dragon to re-direct its enthusiasm, and makes him more perceptive of others. These Dragons are better equipped to take a step back to re-evaluate a situation because they understand the art of patience and do not desire the spotlight like other Dragons. Therefore, they make smart decisions and are able to see eye-to-eye with other people. However, their actions can go wrong if they do not research or if they do not finish one project before starting another.

I have cooked up something for the last days of 2011, more information on this subject will be released later.

The something is Kaspersky Anti-Virus 2012 and Kaspersky Internet Security 2012 Bypass and remote removal from memory. Kaspersky AV is notorious in how difficult it is to unload using various techniques. So big deal if we can generate a FUD payload to get by the heuristics, what about actually killing the AV and have total control of the target system ? It is hard sure, but not impossible. I do not wish to undermine the great job the programmers at Kaspersky Labs are doing. They are great and I wish them best of luck in the 2012, they will need it.

OK, so we will do 2 test runs. First against Kaspersky Internet Security 2012 and second against Kaspersky Anti-Virus 2012.  Lets get to the demonstration:

We will need to call Victor the Cleaner to clean Kaspersky

Metasploit vs. Kaspersky Anti-Virus 2012   (Almost silent AV kill, just a notification before it was dead as you can see in the video)

Metasploit vs. Kaspersky Internet Security 2012 (Silent and deadly like Victor from Brutal Nikita as you can see in the video)

So to sum up the conclusions :  AVP.exe is killable, and we can almost silently disable the AV protection. The strike against the AV survives a reboot so the target is left unprotected. Happy New Year 2012 to all again, especially Kaspersky Labs guys – they are great and deserve respect for the job they do.  Lets see how lucky we will get next time :)



About astr0baby

Please run Adblock or similar... we have been told to do so since Carl Sagan wrote the Contact .
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.