Skip navigation.
Home

Code injection

| |

Not a new concept for sure.

A new wave of more difficult to remove malware? A new way of stealing information? Maybe.

In the last 6 months to a year it seems code injection and file infectors have "opened a new door". It's still seems to be the "replicate and destroy" but recently with infections like "Scribble" "sality" "alman" and "virut" some changes have begun to show in this "angle of attack".

Now instead of just replicating out of control the infections are replicating crazily, but also bringing down fake-alerts and other nasty things.

I wonder, are the writers attempting to move from the old "hook line and sucker" to something worse? Are they trying to infected programs with their own code to create a new generation of malware and scareware that uses code inside of your already installed programs?

Indeed.

Seen many times now in the wild are code injects into userinit.exe that cause a little red circle with a white X that's .... wait for it .... popping up saying they're infected!

What does this mean for the security world, the home users, the reversers, and those of us that get really really irritated with this stuph? Well, we all better get reading up on how to get this stuff out! New tools and detection methods need to be implemented, and, those who do not do this kind of stuff for a living need a better education on it.

Ajö AV

There's already many detection tools that see these kind of things.
One is ajö antivirus (which can only detect stuff).

You can find it on www.ajoav.com

Select "injected code detection" in preferences.