Ursnif Trojan Adopts New Code Injection Technique

Discussion in 'malware problems & news' started by Minimalist, Dec 4, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    https://threatpost.com/ursnif-trojan-adopts-new-code-injection-technique
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,883
    Location:
    The Netherlands
    I'm not sure what to think of this, it didn't become clear what new code injection was actually used. But it does seem to perform process hollowing on svchost.exe, that's why it's so important to simply block malware from the ability to run certain system processes as a child process. The new EXE Radar will give this option hopefully.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    https://www.fireeye.com/blog/threat...variant-malicious-tls-callback-technique.html
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,883
    Location:
    The Netherlands
Loading...