Last Friday's post linked to Computer Sweden and an "interview" with Corpse, the author of Haxdoor.
Today we have some video demos of Haxdoor.KI and F-Secure Internet Security 2007 with DeepGuard technology.
The DeepGuard System Control feature can defend a system even without definitions for the malware, because the malware's behavior is identified as a threat and automatically blocked.
The demo uses a Rakningen sample that was caught during a spam run.
Part one shows the results of launching Rakningen with System Control disabled. The rootkit is installed. Our F-Secure Blacklight is able to detect it…
Part two shows System Control in action. It automatically denies Haxdoor access to the system, and the rootkit fails to install.