Code Injection is a process of injection code (often malicious) into third party application’s memory. A lot of software is using this technique: from malware to game bots. To show this approach, let’s try to execute third party application’s internal function with our own parameters, hacking simple application. Warning, C and debugger knowledge are required!
This was one of the most interesting attacks showed on Black Hat Las Vegas 2015. Let’s imagine the situation: there’s a large park of Windows computers in a large organization, and they all need to be updated. Obviously, getting all of them to download updates over the Internet is both pricy and uncomfortable. The common solution is a WSUS (Windows Server Update Services) server, which is used to manage updates. It downloads the updates and delivers them to all other computers.
According to Kaspersky Lab, the number of malicious programs targeting Apple products is nearing 1800. In the first eight months of 2014 alone, researchers have found some 25 new families of malware for OS X.
It all started two years ago, when many antivirus companies tried to outdo each other with reports on catching a new malware with full-fledged functionality aimed at taking away cash from users of different online banking systems while fitting just in 19968 bytes of code.
Despite the fact that Russia (surprise!) is not among the leaders in computer infectioning by this method (three leaders are traditionally USA, Germany and the UK), we suppose it will be still useful to find out what makes many users in different corners of the world click on attachments in messages from unknown senders. Off we go!
The phone infection process has nothing unusual compared to the scheme that is already known for Android-based devices. A malicious APK file gets into the phone under the guise of the game called ‘Sex Xonix’, which supposedly gives you an opportunity to look at some naked women. Obviously, there is no way of stumbling upon such ‘treasure’ on Android Market. So it dwells on all sorts of second-class websites with questionable content, which attracts those who ‘like it hot’.
Browser Start Page Modifiers (Trojan.StartPage Family)
One of the best-known and most aggressive members of this family is, undoubtedly, Adware.Webalta.2 (according to Dr.Web’s classification). This piece of work is intended for viral advertising of webalta.ru, a Russian search engine, (we are happy to learn that, by now, this resource has fallen into decay and refuses to find whatsoever :))