Ursnif Trojan Adopts New Code Injection Technique

Discussion in 'malware problems & news' started by Minimalist, Dec 4, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,199
    Location:
    Slovenia
    https://threatpost.com/ursnif-trojan-adopts-new-code-injection-technique
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,507
    Location:
    The Netherlands
    I'm not sure what to think of this, it didn't become clear what new code injection was actually used. But it does seem to perform process hollowing on svchost.exe, that's why it's so important to simply block malware from the ability to run certain system processes as a child process. The new EXE Radar will give this option hopefully.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    6,450
    Location:
    U.S.A.
    https://www.fireeye.com/blog/threat...variant-malicious-tls-callback-technique.html
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,507
    Location:
    The Netherlands
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.