posted in RAT sources, Tools & sources on Feb 15th, 2010
Name: Trj.Casper
Type: RAT
Author: Unknown
Written in: C
Description: This source code dates back to 2004. It is quite old and its functionality is rather limited. The interesting part of this source code is the injection section, which makes up the biggest part of it. It contains an injection function based on the CreateRemoteThread call and all required functions to make it completely run in [...]
posted in Tools & sources on Aug 4th, 2009
Tool name: SkypeDLLInjector version 0.1
Description: SkypeDLLInjector is a tool to demonstrate how DLL injection works. In this proof of concept it is applied to the Skype application. It consists of a loader application which remains running in the background and a DLL which will be injected into every newly started program via a system wide [...]
posted in Reading material on Jul 3rd, 2009
This is a newer document from 2009 that explains DLL injection. Instead of using the commonly used Windows hooking method to inject a DLL into a running process, in this example the author modifies the binary itself and loads the DLL when the executable file is started.
Download it here.
posted in Articles on May 6th, 2009
In the first part of this series I wrote about the different ways attackers propagate malware: by sending an infectious executable file or a USB memory stick to their victims, or by letting them pick up an infected file in a file sharing network like eMule or BitTorrent.
In this article, as promised in the first [...]
posted in Articles on Mar 24th, 2009
Malware propagation is one of the most fascinating parts of the attackers' activities and attracts, besides the anger of the affected people, the most attention. It is the part where all the magic of infection and intrusion happens, where attackers release the malicious software into the wild and try to infect new victim systems [...]