"Skype" Trojan analysis

Friday, 5 January 2007, 12:06 AM EST

This trojan uses interesting techniques such as encrypted data, obfuscated function loading, delta based data addressing (for injected code), its own IAT-like array that get injected into the remote processes, the offsets made up to call various subfunctions (no direct cross references), the download of payloads from a remote website for execution on the heap, and etc.

The file was protected with "NTkrnl Secure Suite", a commercial protection system using anti-cracking techniques, polymorphic engines, and other interesting features.

At the Websense blog.

[ Read more ]




Spotlight

How safe are Android-based children’s tablets?

Looking for an Android-based tablet for your child but don't know which one to choose? If you are concerned about the device's protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Feb 26th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //