
Attacks - Introduction ...
This section documents the main types of attacks that processes can launch against other processes on a local system (such as a trojan attacking a security program, a rootkit injecting into a system process, or a firewall "leak test" attempting to piggyback on a web browser).
These process vs. process attack techniques can typically be categorised into three distinct, but related groups:
Termination - the attacking process attempts to kill the target process. A common example is malware that kills anti-virus software so that it stops working.
Suspension - the attacking process attempts to suspend the target process (usually by suspending all threads belonging to the target process), leaving it resident but in an inactive, frozen state.
Modification - the attacking process attempts to modify or inject code in the target process, usually with the intent of changing the behaviour of the target process, or hiding its own code in the context of the target process. The target process remains resident and active, but in a modified state.
However, there are other types of attacks, including:
Hooks - the attacking process attempts to load a DLL into all processes on the system that use user32.dll, allowing it to then perform functions on behalf of other processes. This can make termination attacks easy, as well as firewall leaktests, password-stealers, spyware keyloggers, and more.
Thread Activation - the attacking process attempts to start a thread in another process, usually with the start address being a function like ExitProcess, or in the case of the Windows File Protection attack, a function that unloads Windows File Protection.
Leaktests - the attacking process attempts to transmit data to the Internet, usually using advanced techniques such as hooking and thread activation in order to bypass firewalls. Although not originally designed as an anti-leaktest program, ProcessGuard has been demonstrated to have remarkable results against such programs.
Drivers - kernel-mode drivers (.sys files) have the power to perform some very low-level functions, and in the case of rootkits they can actually modify the behaviour of critical operating system functions.
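Each of the categories above (termination, suspension, modification and thread activation) requires the attacker to obtain a handle to the target process with a particular Windows access right. The following is an added example, not ProcessGuard's code: it classifies handle-open events by the rights granted, assuming the events are recorded in a Sysmon Event ID 10 style with a GrantedAccess mask; the log lines, paths and the protected-process list are constructed for illustration.

```python
import re

# Windows process access rights from winnt.h. The mask an opener is granted
# on a process handle determines which of the page's attacks it can perform.
PROCESS_TERMINATE = 0x0001
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800

# Attack category (as named on this page) -> rights that enable it.
CATEGORY_RIGHTS = {
    "Termination": PROCESS_TERMINATE,
    "Suspension": PROCESS_SUSPEND_RESUME,
    "Modification": PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
    "Thread Activation": PROCESS_CREATE_THREAD,
}

# Constructed sample events in a Sysmon Event ID 10 (ProcessAccess) style.
# 0x1400 is query-only access and should not be flagged; 0x1F0FFF is
# PROCESS_ALL_ACCESS. Process names are made up for this example.
SAMPLE_EVENTS = r"""
SourceImage=C:\Tools\procexp.exe TargetImage=C:\AV\avscan.exe GrantedAccess=0x1400
SourceImage=C:\Temp\dropper.exe TargetImage=C:\AV\avscan.exe GrantedAccess=0x1
SourceImage=C:\Temp\dropper.exe TargetImage=C:\Windows\explorer.exe GrantedAccess=0x1F0FFF
SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\AV\avscan.exe GrantedAccess=0x800
"""

# Processes whose handles we want to audit (constructed list).
PROTECTED = {"avscan.exe", "explorer.exe"}


def classify_access(granted_access: int) -> list:
    """Return the attack categories a handle with this access mask enables."""
    return [name for name, bits in CATEGORY_RIGHTS.items() if granted_access & bits]


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value Key=Value' log line into a dict (values have no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def suspicious_accesses(log_text: str, protected: set) -> list:
    """List (source, target, categories) for handles to protected processes
    that were granted rights enabling at least one attack category."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        target_name = ev["TargetImage"].rsplit("\\", 1)[-1].lower()
        if target_name not in protected:
            continue
        categories = classify_access(int(ev["GrantedAccess"], 16))
        if categories:
            findings.append((ev["SourceImage"], ev["TargetImage"], categories))
    return findings
```

A handle granted only query rights (0x1400 in the sample) produces no finding, which keeps tools that merely enumerate processes out of the report.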
All of these attacks represent a very serious and very real threat to local system security, particularly because the majority of people execute programs on their computer without actually knowing what the code in the program does. All of these attacks can be easily defeated by DiamondCS ProcessGuard!
Attacks - In Detail ...
These pages describe some of the main types of attack that ProcessGuard protects against.
Rootkits
Code Modification
Code Injection
Process Termination
Password Stealers
Keyloggers
Disabling Windows File Protection
Global Hooks
Leaktests
User Imitation
Physical Memory
Miscellaneous Attacks
Copyright © 2008, Diamond Computer Systems Pty. Ltd. All rights reserved.