-
December 4th, 2011, 12:18 PM
#1
Stuxnet and driver
As far as I know, a driver is used as an interface between the OS and hardware.
Both Duqu and Stuxnet use a kernel driver to decrypt and load certain encrypted files on the infected computer. The kernel driver serves as an "injection engine" for loading the files into a specific process, according to SecureWorks. "The kernel drivers for both Stuxnet and Duqu use many similar techniques for encryption and stealth, such as a rootkit for hiding files," the security vendor said in its report.
from:
http://news.idg.no/cw/art.cfm?id=A0D...F48A30CE1D5495
1- What is the kernel driver?
2- I read the Wikipedia article on DLL injection and it makes no sense. Can someone tell me about it? What is the difference between DLL injection and process injection?
Thanks in advance
-
December 6th, 2011, 03:52 AM
#2
Re: Stuxnet and driver
DLL injection will infect all traffic coming through it in the future, versus the immediately running process.
-
December 8th, 2011, 02:58 PM
#3
Re: Stuxnet and driver
Could you give me some simple code for DLL injection and explain more about it?