BLACK BURN HACKER. Powered by Blogger.

Real Money Instantly

 

Monday, January 9, 2012

Storm Worm Process Injection from the Windows Kernel

0 comments

This paper will detail the analysis methods of W32/StormWorm.gen1 and show a process injection method it uses to run malicious code in user-space. This variant loads a driver into the kernel which then injects itself into the running services.exe process. The worm then connects to a P2P network sending spam, initiating DDoS from the infected computer. This technique does not use a packer in the traditional sense but a two-stage loader to inject itself into a running process from kernel space. I will show the decoding process and methods for extracting the true malicious code from the driver executable.

Attached Files


©2011, copyright BLACK BURN

0 comments:

Post a Comment

 

7 Years Earning Experience

The Earning Source You Can Trust

Follow by Email