Reply to post: Re: Cybercriminals and open source exploit code

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

PatientOne

Re: Cybercriminals and open source exploit code

So the person infecting the system has to have access to the system to execute the code... or are they sending the code in via infected e-mail (such as a binary) or drive-by from a web page (such as a JavaScript exploit)?

I'd guess it's someone getting into the system and executing the code from their computer, or they remove the executable once the code is in memory, so the problem is still with the initial intrusion. Doesn't make it any better, of course, but understanding the process is important in developing a counter - and to be honest, what AV / Malware protection doesn't periodically scan the memory anyway? Or is it simply that the scripts don't show as malicious so go unreported?

Would be interesting to see what emerges from the investigation - if anything.
