Security researchers have developed an attack technique they say can
circumvent dozens of anti-virus products used to protect Windows desktops,
including McAfee, Sophos and Symantec’s Norton anti-virus.
Researchers at Matousec.com call the technique an “argument-switch” attack.
Many security vendors alter the kernel part of system call mechanism
implementation by modifying contents of the System Service Descriptor Table (SSDT),
a process called SSDT hooking. Essentially, the attack switches out safe code
given the green light by security software for malicious code. If the timing is
perfect, the malicious code can sneak by without triggering anti-virus alerts.
