
This Code Injection Technique can Potentially Attack All Versions of Windows


Thursday, October 27, 2016

Swati Khandelwal

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your
computer.
Isn't that scary? Well, definitely for most of you.

http://thehackernews.com/2016/10/code-injection-attack.html[28/Oct/2016 12:53:33]

Security researchers have discovered a new technique that could allow attackers to inject malicious
code on every version of Microsoft's Windows operating system, even Windows 10, in a manner that
no existing anti-malware tools can detect, threatening millions of PCs worldwide.
Dubbed "AtomBombing," the technique does not exploit any vulnerability but abuses a design
weakness in Windows.

New Code Injection Attack helps Malware Bypass Security Measures
The AtomBombing attack abuses the system-level Atom Tables, a feature of Windows that allows
applications to store information on strings, objects, and other types of data to access on a regular
basis.
And since atom tables are shared, all sorts of applications can access or modify data inside those
tables. You can read a more detailed explanation of Atom Tables on Microsoft's blog.
A team of researchers from cyber security company EnSilo, who came up with the AtomBombing
technique, say this design flaw in Windows can allow malicious code to modify atom tables and trick
legitimate apps into executing malicious actions on its behalf.
Once injected into legitimate processes, the malware makes it easier for attackers to bypass security
mechanisms that protect such systems from malware infections, the researchers said.

AtomBombing can Perform MITM Browser attack, Decrypt Passwords, and More
Besides bypassing process-level restrictions, the AtomBombing code injection technique also allows
attackers to perform man-in-the-middle (MITM) browser attacks, remotely take screenshots of
targeted user desktops, and access encrypted passwords stored on a browser.

Google Chrome encrypts your saved passwords using Windows Data Protection API (DPAPI), which
uses data derived from the current user to encrypt or decrypt the data and access the passwords.
So, if malware is injected into a process which is already running in the context of the current user, it is
easy to access those passwords in plain text.
Moreover, by injecting code into a web browser, attackers can modify the content shown to the user.

"For example, in a banking transaction process, the customer will always be shown the exact
payment information as the customer intended via confirmation screens," the firm wrote.
"However, the attacker modifies the data so that the bank receives false transaction information in
favor of the attacker, i.e. a different destination account number and possibly amount."

No Patch for AtomBombing Attack


What's worse? The company said all versions of Windows operating system, including Microsoft's
newest Windows 10, were affected. And what's even worse? There is no fix at this moment.


"Unfortunately, this issue cannot be patched since it does not rely on broken or flawed code rather
on how these operating system mechanisms are designed," the researchers said.
Since the AtomBombing technique exploits legitimate operating system functions to carry out the
attack, Microsoft cannot patch the issue without changing how the entire operating system works.
This is not a feasible solution, so there is no notion of a patch.

Swati Khandelwal


Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen
eye on the Cyberspace and other tech related developments.
