News Intel Rapid Storage Technology Vulnerability Allows Persistent Malware

It would be nice to know the names of the DLL files the EXE is looking for. With that info, you should be able to create empty dummy files, then use CACLS to block access to said DLL files, preventing them from being overwritten by any trojan. Sort of a preventative method?
 

That could indeed be useful for some advanced users. I personally use Comodo Security Suite, which is quite helpful to prevent DLL hijacking. Using the 'Purge' functionality removes the trust of no longer existing binary files, thus when they pop up again you are required to allow them. You are also required to take action when a trusted binary gets updated. At least, this is how I configured mine, thus no need to fiddle with CACLS.
 
I believe they blocked them to lessen the public ability to openly use said file names, as well as to limit the script kiddies, etc.