VXers eyeing 'undetectable' codeless code-injection technique

enSilo founder Udi Yavo has detailed a new code injection technique he claims will become commonplace in coming months. The codeless code injection system is the latest in a series that is critical to the operation of malware and security software. Yavo revealed the attack at the Cyber Defence Summit in Washington DC today, …

  1. Anonymous Coward

    Interesting stuff.. I was doing a lot of this kind of thing in about 2003 making undetectable cheats for games (in my more immature years, now I put my skills to better use and make monies instead of high scores).

    I started doing things in the kernel but not to this level. It's pretty interesting hearing people talking about these techniques.

  2. Pliny the Whiner

    I was eating foodless food (specifically, Soylent 2 with Icky Mold Option) while reading about this codeless code, which made the concept a little less bewildering. Since you're not injecting code, I'm assuming you're injecting instructions directly to memory in the name of some underlying, running process, which could include the holy grail of the kernel itself. In the context of an ATM, the difference might look like:

    LEGITIMATE CODE: successfully complete the following 8-step process before dispensing money

    versus

    BOGUS INJECTED INSTRUCTION: put machine in SERVICE/TEST mode and run cash dispenser

    Is this approximately right? I wonder when we reach the midway point, where half of a machine's horsepower and memory is dedicated to protecting the user environment. This seems like a giant leap forward in that direction.

  3. SecretSonOfHG

    Less marketing, please

    So you run code without code? Forgive me, but that's absurd. Because if you make the machine execute your own instructions, then you're by its own definition... running code. Your code.

    Yes, I know that calling it "self deleting code" or "self hiding code" or something similar is much less attractive. But far more accurate. What's next, sexless sex?

    1. Anonymous Coward

      Re: Less marketing, please

      "What's next, sexless sex?"

      My wife already has a lock on that technique.

      1. SecretSonOfHG

        Re: Less marketing, please

        "My wife already has a lock on that technique."

        Comment of the month material, if not of the year.

    2. mythicalduck

      Re: Less marketing, please

      I was wondering this too, but I think what they are trying to say is that you don't need to put any code in the "host" process. All the malware stays within the device driver (.sys file).

      To be honest, if you've managed to install a system driver on the computer, I don't really get the need to inject into processes, but I might have missed something.

    3. Anonymous Coward

      Re: Less marketing, please

      Just to clarify - it's not about the code being self deleting, it's that the code is injected directly into a shared memory (RAM) location, i.e. it's volatile and non persistent. Essentially it doesn't have to self delete as it is never actually on any hard drive/persistent storage. The only way to trace it is through RAM forensics, but given the volatility of RAM, there is no guarantee that traces of the processes will still be there...

      You're right it isn't technically 'codeless' code, but in as much as it's non persistent and injected directly into memory, traditional hard drive forensics is literally pointless - it's not going to find anything!... perhaps invisible code would be a better name for it?

  4. JimmyPage Silver badge
    WTF?

    er ... am I right in thinking

    "codeless code" is another way of saying that instead of writing the code yourself, you direct code other people have written to do your dirty work, by crafting a config for it ?

    e.g. rm *.* -rf in a script ?

    News ?
