Nov 17 2007

Chinese hacker xyzreg claims to have broken Kaspersky Anti-Virus Technology

Published by at 8:18 pm under Chinese Malware


Kaspersky’s newest virus-detection technology broken by Chinese hacker

 


 

In the headlines on Hackbase, one of China’s largest hacker websites, claims are being made that a Chinese hacker/researcher named xyzreg has broken Kaspersky’s newest anti-virus technology. His announcement was made at the Chinese 2007 Security Focus Summit. During the summit he demonstrated how to penetrate the security software defenses of Kaspersky, Norton and McAfee. He has posted the method for breaking Kaspersky 7.0 on his blog.

More details as I can find them.

UPDATE: Found xyzreg’s blog. I will post the information but please remember I am just a linguist and this might as well be in Chinese…wait…anyway here is what he posted:

[2007/11/09 13:46 | by xyzreg ]

It only took me several lines (10 or so) of code and I broke it, it didn’t even take all my skill.

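#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

DWORD fpid, epid;   /* fpid: parent PID of this process; epid: PID of explorer.exe */

void VMM()
{
    PROCESSENTRY32 pe;
    HANDLE hkz = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hkz, &pe))
    {
        do
        {
            /* record the parent PID of the current process */
            if (pe.th32ProcessID == GetCurrentProcessId())
            {
                fpid = pe.th32ParentProcessID;
            }
            /* record the PID of explorer.exe */
            if (stricmp(pe.szExeFile, "explorer.exe") == 0)
            {
                epid = pe.th32ProcessID;
            }
        }
        while (Process32Next(hkz, &pe));
    }
    CloseHandle(hkz);   /* release the snapshot handle */
}

Main Function:
    VMM();
    if (fpid != epid)   /* parent is not explorer.exe: return at once */
        return 0;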
You don’t understand? Then don’t look at it. It’s common sense, common sense…
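The snippet above records its own parent PID and the PID of explorer.exe, and returns from main when the two differ. As an added example (not part of the original post or xyzreg's code), here is a static triage heuristic that flags a binary image whose strings contain those Toolhelp process-enumeration imports together with an explorer.exe literal. The function names and the sample byte strings are constructed for illustration.

```python
import re

# APIs and literal taken from the snippet above; all must co-occur to flag.
REQUIRED_APIS = ("CreateToolhelp32Snapshot", "Process32First",
                 "Process32Next", "GetCurrentProcessId")
SHELL_NAME = "explorer.exe"

def extract_strings(data, min_len=6):
    """Printable ASCII and UTF-16LE strings of at least min_len characters."""
    found = set()
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.add(m.group().decode("ascii"))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.add(m.group().decode("utf-16-le"))
    return found

def parent_check_indicators(data):
    """Report which parts of the parent-PID-vs-explorer.exe gate are present."""
    strings = extract_strings(data)
    apis = [a for a in REQUIRED_APIS if any(a in s for s in strings)]
    shell = any(SHELL_NAME in s.lower() for s in strings)
    return {"apis": apis, "shell_literal": shell,
            "flag": len(apis) == len(REQUIRED_APIS) and shell}

# Constructed import-name tables (2-byte hint + name), not taken from a real sample.
SAMPLE_GATED = b"\x00".join([
    b"\x8f\x01CreateToolhelp32Snapshot", b"\x9a\x02Process32First",
    b"\x9c\x02Process32Next", b"\xc1\x01GetCurrentProcessId",
    b"KERNEL32.dll", b"explorer.exe"])
# A plain process lister: same enumeration APIs, no shell-name comparison.
SAMPLE_LISTER = b"\x00".join([
    b"\x8f\x01CreateToolhelp32Snapshot", b"\x9a\x02Process32First",
    b"\x9c\x02Process32Next", b"KERNEL32.dll"])

if __name__ == "__main__":
    for name, blob in (("gated", SAMPLE_GATED), ("lister", SAMPLE_LISTER)):
        print(name, parent_check_indicators(blob))
```

A hit is a lead for manual review rather than a verdict, since legitimate tools also enumerate processes and look up the shell by name.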

UPDATE: The real name of xyzreg appears to be 张翼(Zhang Yi).

MORE UPDATES: Zhang Yi attended the Xcon 2007 Conference that I was at in 2006.
