AtomBombing – brand new code injection for Windows (breakingmalware.com)
> "AtomBombing uses legitimate OS mechanisms and features to perform and hide malicious activity. The greatest concern is that when attackers are motivated they will always find creative techniques such as this one.
> Since it's new and has not yet been marked as malicious, this method will easily bypass any security product that attempts to heuristically block malicious activity. Recognizing that compromise is inevitable, organizations should consider a security strategy that assumes that attackers are already inside."
Update 9.28GMT: A Microsoft spokesperson told ZDNet:
> "To help avoid malware infection, we encourage our customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. A user's system must already be compromised before malware can utilize code-injection techniques. For more information on protecting computers against malware, please visit microsoft.com/protect/pc."
Source: http://www.zdnet.com/article/code-injection-exposes-all-vers...
Code injection (step 2) isn't a security concern; malware running code on your system (step 1) is. Of course antivirus fails at preventing step 1, so they cobble together more heuristics to prevent step 2.
In the process, they alert people about Fraps or Steam, which both use code injection for perfectly legitimate purposes.