Coat

Master Head

Will my security software prevent my confidential data from being transmitted to a hacker?

Will my security software stop a virus from corrupting or destroying my important documents?

TEST YOUR SECURITY SOFTWARE & find an answer to these questions right here. Learn more.

Let your voice be heard!!

Test your security software and publish your results on this website.



Test Description

The Coat leak-test rewrites its own memory and tries to establish an Internet connection. It rewrites its image base, image name, command line, Windows title etc. and it also changes the information of the main module in the module list. All this data resides in the address space of its process. All data is changed to match the image of the default browser. Then, it tries to establish the Internet connection.

Firewalls that are not able to handle this trick suffer from a serious design bug because they trust ring 3 data of malicious processes. They do not have their own internal list of running programs and obtain this information when it is needed. This gives malicious processes enough time to modify this data before they execute privileged actions. Firewalls that suffer from this flaw see the malicious process as something else, (e.g. the default browser) and allow the execution of privileged actions without any questions.

After initialization, Coat will attempt to connect to an external website. At this point, your firewall should be alerting you to the connection attempt.

Test Details
AuthorMatousec - Transparent security
Website http://www.matousec.com/
Type of TestHIPS and Firewall
Techniques usedSubstitution
Operating System(s)Windows 2000/ Windows XP
Number of Tests1
Zip filenameCoat.zip