
New code injection method avoids malware detection - [security]
11:01 AM EST - Dec,07 2017

Presented at Black Hat Europe 2017, a new fileless code injection technique has been detailed by enSilo security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelganging, it yields a process that runs attacker-supplied code while commonly available antivirus software, at the time of the talk, failed to flag either the process or the code, because the malicious image never persists as a file on disk.

The technique is closely related to Process Hollowing, an older method that security vendors can already detect and mitigate. In Process Hollowing, a legitimate program is started (typically in a suspended state), its in-memory image is unmapped and replaced with attacker-injected code, and the process is then resumed, so it appears to be the original program running normally while actually executing potentially harmful code.

Unlike the well-known hollowing technique, Process Doppelganging takes advantage of how Windows loads an executable into memory when it creates a process. It abuses two long-standing components: NTFS transactions (TxF) and the legacy process-creation path in which a process is built directly from an image section rather than from a file path. That loader mechanism was originally designed in the Windows XP era and has changed little since then.

To carry out the attack, the malware opens a legitimate executable inside an NTFS transaction and, within that transaction, overwrites it with the malicious file. NTFS transactions are atomic: other processes, including a file scanner, either see the entire committed change or none of it, and uncommitted writes are visible only through the transacted handle. From that handle the malware creates an image section, the in-memory object from which the Windows loader builds a process. It then rolls back the transaction, so the file on disk is restored to its original content and the malicious version never exists anywhere a scanner can read it. Finally, the legacy process-creation API is used to create a process from the section, which still holds the modified image, and to start a thread at its entry point.
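The transact / write / section / rollback sequence described above, as an added example that is neither code from this post nor the researchers' own proof of concept. It is written in PowerShell using P/Invoke so it can be run on a Windows machine without a compiler, and it deliberately works on a throwaway data file with a plain read-only data section instead of an executable and a SEC_IMAGE section, so nothing is ever executed; the final process-creation step (NtCreateProcessEx and the initial thread) is omitted on purpose. The file path, the byte strings, the helper name Assert-Win32 and the Txf class name are assumptions made for the demo.

```powershell
# Added example, not from the TechAmok article or the enSilo researchers' code.
# Shows that bytes written inside an NTFS transaction survive in a section created
# from the transacted handle even after the transaction is rolled back, while the
# file on disk reverts. Requires Windows with an NTFS volume (TxF is deprecated but
# still present). Nothing executable is created.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class Txf {   // hypothetical wrapper class name chosen for this demo
    [DllImport("ktmw32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern IntPtr CreateTransaction(IntPtr attrs, IntPtr uow, uint opts,
        uint isoLevel, uint isoFlags, uint timeout, string desc);
    [DllImport("ktmw32.dll", SetLastError = true)]
    public static extern bool RollbackTransaction(IntPtr hTx);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern IntPtr CreateFileTransactedW(string path, uint access, uint share,
        IntPtr sa, uint disposition, uint flags, IntPtr template, IntPtr hTx,
        IntPtr miniVersion, IntPtr extended);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WriteFile(IntPtr hFile, byte[] buf, uint len,
        out uint written, IntPtr overlapped);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern IntPtr CreateFileMappingW(IntPtr hFile, IntPtr sa, uint protect,
        uint sizeHigh, uint sizeLow, string name);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr MapViewOfFile(IntPtr hMap, uint access, uint offHigh,
        uint offLow, UIntPtr len);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool UnmapViewOfFile(IntPtr addr);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
}
'@
Add-Type -TypeDefinition $sig

function Assert-Win32 ($cond, $what) {   # hypothetical helper: fail loudly with the Win32 error
    if (-not $cond) {
        throw "$what failed: Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
}

$INVALID_HANDLE = [IntPtr](-1)
$path     = Join-Path $env:TEMP 'doppel-demo.bin'   # assumed path; stands in for the legit exe
$original = [Text.Encoding]::ASCII.GetBytes('BENIGN-ORIGINAL-CONTENT')           # constructed
$payload  = [Text.Encoding]::ASCII.GetBytes('PAYLOAD-EXISTS-ONLY-INSIDE-THE-TRANSACTION')  # constructed
[IO.File]::WriteAllBytes($path, $original)         # the "normal executable" as it sits on disk

# 1. Transact: open the target inside an NTFS transaction and overwrite it with the payload.
$hTx = [Txf]::CreateTransaction([IntPtr]::Zero, [IntPtr]::Zero, 0, 0, 0, 0, 'doppel-demo')
Assert-Win32 ($hTx -ne $INVALID_HANDLE) 'CreateTransaction'
$GENERIC_RW = 0xC0000000; $CREATE_ALWAYS = 2; $FILE_ATTRIBUTE_NORMAL = 0x80
$hFile = [Txf]::CreateFileTransactedW($path, $GENERIC_RW, 0, [IntPtr]::Zero, $CREATE_ALWAYS,
    $FILE_ATTRIBUTE_NORMAL, [IntPtr]::Zero, $hTx, [IntPtr]::Zero, [IntPtr]::Zero)
Assert-Win32 ($hFile -ne $INVALID_HANDLE) 'CreateFileTransactedW'
$written = [uint32]0
Assert-Win32 ([Txf]::WriteFile($hFile, $payload, $payload.Length, [ref]$written, [IntPtr]::Zero)) 'WriteFile'

# 2. Load: create a section from the transacted handle. The real technique asks for an
#    image section (NtCreateSection with SEC_IMAGE); this demo uses a read-only data section.
$PAGE_READONLY = 0x02; $FILE_MAP_READ = 0x04
$hSection = [Txf]::CreateFileMappingW($hFile, [IntPtr]::Zero, $PAGE_READONLY, 0, 0, $null)
Assert-Win32 ($hSection -ne [IntPtr]::Zero) 'CreateFileMappingW'
$view = [Txf]::MapViewOfFile($hSection, $FILE_MAP_READ, 0, 0, [UIntPtr]::Zero)
Assert-Win32 ($view -ne [IntPtr]::Zero) 'MapViewOfFile'

# 3. Rollback: close the file handle and discard the transaction. The on-disk file reverts.
[Txf]::CloseHandle($hFile) | Out-Null
Assert-Win32 ([Txf]::RollbackTransaction($hTx)) 'RollbackTransaction'
[Txf]::CloseHandle($hTx) | Out-Null

# Compare what a file scanner sees on disk with what the still-mapped section holds.
$onDisk    = [IO.File]::ReadAllBytes($path)
$inSection = New-Object byte[] $payload.Length
[Runtime.InteropServices.Marshal]::Copy($view, $inSection, 0, $payload.Length)
"On disk after rollback : " + [Text.Encoding]::ASCII.GetString($onDisk)
"In the section         : " + [Text.Encoding]::ASCII.GetString($inSection)

# 4. Animate (omitted): Process Doppelganging would now pass the image section to
#    NtCreateProcessEx and start a thread at the image's entry point.
[Txf]::UnmapViewOfFile($view) | Out-Null
[Txf]::CloseHandle($hSection) | Out-Null
Remove-Item $path
```

Run it from a normal (non-elevated) PowerShell prompt on an NTFS volume. The first output line shows the original content, which is all that on-access scanning of the file ever sees; the second shows the payload, which now exists only in the section. That gap between file content and section content is the property the technique relies on, and it is also the place a defender has to look: memory or section-backed artifacts rather than files.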
