Attackers execute NETWIRE backdoor trojan using a process hollowing technique

Discussion in 'malware problems & news' started by guest, Mar 20, 2019.

  1. guest

    guest Guest

    Attackers execute NETWIRE backdoor trojan using a process hollowing technique
    March 19, 2019
    https://cyware.com/news/attackers-e...-using-a-process-hollowing-technique-0db3ddaa
     
  2. Rasheed187

    Rasheed187 Registered Member

    In other words, the key is to never auto-trust ANY process (system process or not); they should ALL be monitored with a behavior blocker and EDR. Of course, it also helps if you could simply block the process hollowing part. And I assume that if you block InstallUtil.exe from automatic network access, the trojan will have difficulty trying to phone home.
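
One way to act on the monitoring point in the post above, as an added example that is not part of the thread or the linked analysis: flag every non-loopback network connection made by InstallUtil.exe and attach the parent process that started it. The JSON-lines layout, GUIDs, paths and addresses are constructed; the field names follow Sysmon's process-create (ID 1) and network-connect (ID 3) events.

```python
import json
from ipaddress import ip_address
from ntpath import basename  # parses Windows paths on any OS

# Binaries that get no trust by name alone; the thread names InstallUtil.exe.
WATCHED = {"installutil.exe"}

# Constructed sample: one JSON object per line, Sysmon field names.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessGuid": "{A1}", "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", "ParentImage": "C:\\Users\\user\\Downloads\\sample.exe"}
{"EventID": 3, "ProcessGuid": "{A1}", "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 3012}
{"EventID": 1, "ProcessGuid": "{B2}", "Image": "C:\\Program Files\\Browser\\browser.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 3, "ProcessGuid": "{B2}", "Image": "C:\\Program Files\\Browser\\browser.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 443}
{"EventID": 3, "ProcessGuid": "{C3}", "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", "DestinationIp": "127.0.0.1", "DestinationPort": 8080}
{"EventID": 3, "ProcessGuid": "{D4}", "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\INSTALLUTIL.EXE", "DestinationIp": "192.0.2.55", "DestinationPort": 443}
"""


def find_suspect_connections(lines):
    """Return one alert per non-loopback connection from a watched binary."""
    parents = {}  # ProcessGuid -> ParentImage, learned from process-create events
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["EventID"] == 1:
            parents[ev["ProcessGuid"]] = ev.get("ParentImage", "unknown")
        elif ev["EventID"] == 3:
            # Case-insensitive match on the file name, as Windows paths are.
            if basename(ev["Image"]).lower() not in WATCHED:
                continue
            if ip_address(ev["DestinationIp"]).is_loopback:
                continue
            alerts.append({
                "image": ev["Image"],
                # "unknown" when no process-create event was seen for this GUID
                "parent": parents.get(ev["ProcessGuid"], "unknown"),
                "dst": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}',
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_connections(SAMPLE_EVENTS):
        print(alert)
```
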
     
  3. itman

    itman Registered Member

    Per the Firewire detailed analysis:
    https://www.fireeye.com/blog/threat...hing-campaign-usage-of-process-hollowing.html

    The attack could have been prevented by just paying attention to a browser alert.
     