
Windows 7: Hiding in plain sight.

23 Feb 2010   #1


There are many forms of malcode concealment, from the “obfuscated beyond recognition” to “in plain sight”, yet seldom have we seen hijacking of compiler runtime stubs (although infection of compilers, à la Induc, has already been explored and exploited [1,2,3]).

Obfuscation is typically easy to spot (especially when the authors try very hard to make it difficult to analyze) [4] and it is the likely reason why “in plain sight” techniques are starting to make an appearance as discussed by Billy [5].

One variation of such a technique is to hijack a call to a constructor or initialization routine within a compiler-emitted stub and point it at the malcode, with the assumption that most AV engines (and analysts) recognize and skip (or pay less attention to) compiler-generated stubs.

Source: Hiding in plain sight | SophosLabs blog
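
A defender-side check for the stub hijack described in the quoted excerpt, as an added example that is not from the forum post or the SophosLabs article: it lists the `call rel32` instructions in a startup stub and reports any whose target leaves the section holding the stub. The stub bytes, addresses and section layout are constructed for illustration, the out-of-section rule is an assumed heuristic, and the linear byte scan stands in for a real disassembler.

```python
import struct

# Constructed 32-bit x86 startup stub loaded at STUB_VA (not from a real sample):
#   push ebp; mov ebp, esp; call 0x401200; call 0x40F000; pop ebp; ret
STUB_VA = 0x401000
STUB = bytes.fromhex("558bec" "e8f8010000" "e8f3df0000" "5d" "c3")

# Constructed section table: (name, start VA, end VA exclusive).
SECTIONS = [
    (".text", 0x401000, 0x405000),
    (".data", 0x405000, 0x407000),
    (".extra", 0x40F000, 0x410000),  # hypothetical appended section
]

def section_of(va, sections):
    """Return the name of the section containing va, or None."""
    for name, start, end in sections:
        if start <= va < end:
            return name
    return None

def call_targets(code, base_va):
    """Return (call VA, target VA) for each E8 rel32 call found by byte scan."""
    found, i = [], 0
    while i + 5 <= len(code):
        if code[i] == 0xE8:
            rel = struct.unpack_from("<i", code, i + 1)[0]  # signed displacement
            # Target is relative to the address of the next instruction.
            found.append((base_va + i, (base_va + i + 5 + rel) & 0xFFFFFFFF))
            i += 5
        else:
            i += 1
    return found

def suspicious_calls(code, base_va, sections):
    """Report stub calls whose target is outside the stub's own section."""
    home = section_of(base_va, sections)
    findings = []
    for call_va, target in call_targets(code, base_va):
        where = section_of(target, sections)
        if where != home:
            findings.append((call_va, target, where))
    return findings

if __name__ == "__main__":
    for call_va, target, where in suspicious_calls(STUB, STUB_VA, SECTIONS):
        print(f"call at {call_va:#x} -> {target:#x} ({where or 'unmapped'})")
```

A redirected call that stays inside the stub's own section passes this check, so it complements comparing the stub against the compiler's known runtime code rather than replacing it.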
