Last Friday's post linked to Computer Sweden and an "interview" with Corpse, the author of Haxdoor. Today we have some video demos of Haxdoor.KI and F-Secure Internet Security 2007 with DeepGuard technology.

The DeepGuard System Control feature is capable of defending a system even without definitions of the malware. This is because the behavior of the malware is determined as a threat and is automatically blocked.

The demo uses a Rakningen sample that was caught during a spam run.

Part one shows the results of launching Rakningen with System Control disabled. The rootkit is installed. Our F-Secure Blacklight is able to detect it…

Part two shows the System Control in action. It automatically denies Haxdoor access to the system and the rootkit fails to install.

Demo – Part 1 (XviD – 5489k)
Demo – Part 2 (XviD – 6132k)