BLACK BURN HACKER. Powered by Blogger.

Real Money Instantly


Monday, January 9, 2012

Storm Worm Process Injection from the Windows Kernel


This paper will detail the analysis methods of W32/StormWorm.gen1 and show a process injection method it uses to run malicious code in user-space. This variant loads a driver into the kernel which then injects itself into the running services.exe process. The worm then connects to a P2P network sending spam, initiating DDoS from the infected computer. This technique does not use a packer in the traditional sense but a two-stage loader to inject itself into a running process from kernel space. I will show the decoding process and methods for extracting the true malicious code from the driver executable.

Attached Files

©2011, copyright BLACK BURN


Post a Comment


7 Years Earning Experience

The Earning Source You Can Trust

Follow by Email