posted in News & media on Sep 2nd, 2010
Read on SANS: PHP injection attacks have become increasingly popular lately. If you look at your web server logs, I’m pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well-known (and less-known) vulnerabilities. One of our readers, Blake, managed to capture some [...]
posted in RAT sources, Tools & sources on Feb 15th, 2010
Name: Trj.Casper. Type: RAT. Author: Unknown. Written in: C. Description: This source code dates back to 2004. It is quite old and its functionality is rather limited. The interesting part of this source code is the injection section, which represents the biggest part of it. It [...]
posted in Tools & sources on Aug 4th, 2009
Tool name: SkypeDLLInjector version 0.1. Description: SkypeDLLInjector is a tool to demonstrate how DLL injection works. In this proof of concept it is applied to the Skype application. It consists of a loader application which remains running in the background and a DLL which will be injected into every newly started program [...]
posted in Reading material on Jul 3rd, 2009
This is a newer document from 2009 that explains DLL injection. Instead of using the often-used Windows hooking method to inject a DLL into a running process, in this example the author modifies the binary itself and loads the DLL when starting the executable file. Download it here.
posted in Articles on May 6th, 2009
In the first part of this series I wrote about the different ways attackers propagate malware: by sending an infectious executable file or a USB memory stick to their victims, or by letting them pick up an infected file in a file-sharing network like eMule or BitTorrent. In this article, as promised in the [...]
posted in Articles on Mar 24th, 2009
Malware propagation is one of the most fascinating parts of the attackers' activities and is attracting, besides the anger of the affected people, the most attention. It is the part where all the magic of infection and intrusion happens, where attackers release the malicious software into the wild and try to infect new victim systems [...]