Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes

Brian Miller
"cunning VBScript"

If Visual BASIC is your threat, then dump BASIC! As for hiding something within another process, that's sort of old hat. Also, for naming their files to "blend in" with Windows, what did they expect? A file name of "EvilL33tCodzHere.dll"? That's another trick that's very old hat.

Really, the only part here that required effort was the attackers writing their own in-memory loader. The rest of it was just going through the motions.


Biting the hand that feeds IT © 1998–2021