DeepGuard 5 vs. IE Zero-Day Exploit CVE-2013-3893

Published: 08 October 2013
Channel: F-Secure Labs

A brief video of F-Secure's behavioral technology (DeepGuard 5) protecting a test system from being compromised via the Internet Explorer CVE-2013-3893 zero-day exploit.

The IE version in this video is vulnerable, i.e., the system does not have October's updates installed. The exploit in the video has been used in real attacks and is very similar to the ones mentioned by FireEye and Dell, right down to the runrun.exe payload encrypted with the XOR key 0x95. The attack is replayed from a web server on an isolated test network.

The exploit sets and checks a cookie to avoid exploiting the same system twice. Once DeepGuard has blocked the exploit and forced the tab to close, IE will try to reopen the tab. Because the cookie was set, the JavaScript code skips the exploit and simply redirects the user to Naver.
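For analysts handling a captured download like the XOR-encoded payload mentioned above, the following added example (not F-Secure's code and not taken from the video) recovers a single-byte XOR key from the known `MZ` header bytes and confirms the result by checking the PE signature. It assumes every byte is XORed starting at offset 0; the sample bytes are constructed, not a real payload.

```python
import struct
from typing import Optional

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (assumed encoding scheme)."""
    return bytes(b ^ key for b in data)

def build_sample_pe() -> bytes:
    """Constructed stand-in: only the MZ/PE header layout, no real code."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew: offset of PE signature
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 32

def recover_xor_key(blob: bytes) -> Optional[int]:
    """Return the XOR key if blob decodes to a PE file, else None.

    A result of 0 means the blob is an unencoded PE. Any other value means
    an executable was hidden behind a single-byte XOR, which content
    filters looking for a plain 'MZ' header would miss.
    """
    if len(blob) < 0x40:
        return None
    key = blob[0] ^ ord("M")                  # known plaintext: first byte is 'M'
    if blob[1] ^ key != ord("Z"):
        return None
    # Decode only the fields needed to validate the header.
    (e_lfanew,) = struct.unpack("<I", xor_bytes(blob[0x3C:0x40], key))
    if e_lfanew + 4 > len(blob):
        return None
    if xor_bytes(blob[e_lfanew:e_lfanew + 4], key) != b"PE\x00\x00":
        return None
    return key

if __name__ == "__main__":
    captured = xor_bytes(build_sample_pe(), 0x95)   # constructed sample
    key = recover_xor_key(captured)
    print("not a PE" if key is None else f"PE found, XOR key 0x{key:02x}")
```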

