New code injection method exposes all versions of Windows to cyberattack | ZDNet

Researchers have disclosed a fresh attack against Microsoft’s Windows operating system which can be used to inject malicious code and compromise user PCs.

On October 27, cybersecurity company enSilo’s research team disclosed a practice called "AtomBombing" that can be launched against every version of Windows to bypass current security solutions which protect such systems from malware infections.

The technique is dubbed AtomBombing because it relies on the underlying Windows atom tables to exploit a system. Atom tables are used by Windows to store strings and identifiers that support other application functions.

The enSilo research team says that by writing malicious code into an atom table and forcing a legitimate program to retrieve this code, security software would not be able to detect attacks using this method.
The researchers say: "For example, let’s say an attacker was able to persuade a user to run a malicious executable, evil.exe. Any kind of decent application level firewall installed on the computer would block that executable’s communication.

To overcome this issue, evil.exe would have to find a way to manipulate a legitimate program, such as a web browser, so that the legitimate program would carry out communication on behalf of evil.exe."

If an attacker used the AtomBombing technique, they would be able to bypass security products, extract sensitive information, take screenshots, and access encrypted passwords.

The latter is possible because Google Chrome encrypts stored passwords using the Windows Data Protection API (DPAPI). If malware is injected into a process that runs in the context of the current user, those passwords can be recovered in plain text, since the API uses the current user's context to encrypt and decrypt data and so grants the injected code access to them.

There are a handful of code injection techniques that are already known, and once a technique is established, antivirus vendors update their signatures to prevent endpoint compromise. However, as a new technique, enSilo says this method is able to bypass current antivirus software, alongside all current endpoint infiltration prevention solutions.

As AtomBombing utilizes underlying Windows mechanisms rather than relying on security flaws or broken code to exploit machines, there is no fix or patch available.

As noted by the research team, the only way to potentially mitigate attacks using this technique is to dive deeply into the API and monitor for any suspicious changes.

It is simply one more attack in the hacking toolbox, and since design flaws like this will always be exploited if they can be, the best defense is knowing about it, especially when there is no solution available.

"AtomBombing uses legitimate OS mechanisms and features to perform and hide malicious activity aidfile recovery software register code. The greatest concern is that when attackers are motivated they will always find creative techniques such as this one.

Since it’s new and has not yet been marked as malicious, this method will easily bypass any security product that attempts to heuristically block malicious activity. Recognizing that compromise is inevitable, organizations should consider a security strategy that assumes that attackers are already inside."

Update 9.28GMT: A Microsoft spokesperson told ZDNet: "To help avoid malware infection, we encourage our customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. A user’s system must already be compromised before malware can utilize code-injection techniques. For more information on protecting computers against malware, please visit microsoft.com/protect/pc."
