Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Fileless Malware – A Behavioural Analysis of Kovter Persistence
(
airbuscybersecurity.com
)
78 points
by
adamnemecek
on April 3, 2016
|
hide
|
past
|
favorite
|
4 comments
zaroth
on April 4, 2016
[–]
Wow, that is a nasty little bug! Can't even see the registry keys in regedit because they contain a non-ASCII value in the subkey!
__float
on April 4, 2016
|
parent
[–]
Updating regedit probably moved just a tiny bit higher on some engineer's priority list :)
voltagex_
on April 4, 2016
|
root
|
parent
[–]
I thought regedit had this issue for ages, but it looks like I was thinking of null-terminated names -
http://www.kahusecurity.com/2014/registry-dumper-find-and-du...
(Googling shows references to this technique going back to 2004)
Pxtl
on April 4, 2016
|
root
|
parent
[–]
Fun how they protect this illicit key using permissions. Always nice to see security turned against the user by the malware.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
