Tool Developed To Hide Malware Within .NET

By Daniele Salatti
Expert Author
Article Date: 2009-04-22

Most modern Windows-based computers come with the .NET Framework installed, so a security flaw in it could be a very dangerous threat - think of Conficker (and, by the way: take a look here and check if you are infected, then move to Linux or buy a Mac).

So, suppose you are a cracker (because hackers don't do such a thing - stop watching those stupid movies) and you find a way to attack the .NET Framework itself. It's an interesting attack vector, a part of the OS that isn't usually targeted.


It gives you good protection against antivirus software: your piece of malicious code is not likely to be found, and you can expect that almost all Windows computers will have the .NET Framework installed.


Thanks to the work of a security researcher, it is now possible to execute application-level rootkit attacks on the .NET Framework, thus enabling an attacker to hide malicious code inside its core. More on this and a PoC (Proof of Concept) can be found here.



About the Author:
Daniele Salatti is a 23-year-old Italian guy. An Informatics Engineering student at the University of Pisa, he is a passionate Linux user. Check out his blog at Salatti.net.