Re: Cybercriminals and open source exploit code
So the person infecting the system has to have access to the system to execute the code... or are they sending the code in via infected e-mail (such as a binary) or drive-by from a web page (such as a JavaScript exploit)?
I'd guess it's someone getting into the system and executing the code from their computer, or they remove the executable once the code is in memory, so the problem is still with the initial intrusion. Doesn't make it any better, of course, but understanding the process is important in developing a counter - and to be honest, what AV / Malware protection doesn't periodically scan the memory anyway? Or is it simply that the scripts don't show as malicious so go unreported?
Would be interesting to see what emerges from the investigation - if anything.