Hope CIS’s Defense+ can catch this DLL injection technique:
http://blog.threatfire.com/2009/08/clampis-evasive-injection-technique.html
Nice find. I am interested to know this as well.
Now let’s find someone with the source of this baddie >:-D
Yep. I will try.
This technique will finally call the API CreateRemoteThread
and CreateRemoteThread is based on NtCreateThreadEx
COMODO has hooked NtCreateThreadEx.
so, the technique won’t work…
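Added example, not from any post in this thread: the reply above points out that the technique ends in CreateRemoteThread, which is why a HIPS hook on NtCreateThreadEx catches it. Outside a HIPS, the same event is visible to defenders as Sysmon Event ID 8 (CreateRemoteThread). The script below parses a few constructed Event ID 8 records in a simple key=value form (field names follow Sysmon's schema; the process names, paths and PIDs are made up) and flags threads created by one process into another, rating the finding higher when the thread start address is not backed by any loaded module, which is what injected code typically looks like. The allowlist of benign source images is a hypothetical placeholder to be tuned per environment.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample records in "Key=Value|Key=Value" form, modelled on Sysmon Event ID 8.
# Paths, PIDs and addresses are invented for illustration.
SAMPLE_EVENTS = [
    # Benign: csrss creating a thread in explorer (allowlisted source image).
    "EventID=8|SourceImage=C:\\Windows\\System32\\csrss.exe|SourceProcessId=512"
    "|TargetImage=C:\\Windows\\explorer.exe|TargetProcessId=1234"
    "|StartAddress=0x00007FF8A1B20000|StartModule=C:\\Windows\\System32\\ntdll.dll"
    "|StartFunction=RtlUserThreadStart",
    # Suspicious: unknown tool starts a thread at LoadLibraryW in another process
    # (the classic CreateRemoteThread + LoadLibrary DLL-injection pattern).
    "EventID=8|SourceImage=C:\\Tools\\debugger.exe|SourceProcessId=2200"
    "|TargetImage=C:\\Windows\\System32\\notepad.exe|TargetProcessId=3300"
    "|StartAddress=0x00007FF8A0C41F30|StartModule=C:\\Windows\\System32\\kernel32.dll"
    "|StartFunction=LoadLibraryW",
    # Highly suspicious: remote thread whose start address maps to no loaded module.
    "EventID=8|SourceImage=C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"
    "|SourceProcessId=4120|TargetImage=C:\\Windows\\explorer.exe|TargetProcessId=1234"
    "|StartAddress=0x00000000001A0000|StartModule=|StartFunction=",
    # Unrelated event type, must be ignored.
    "EventID=1|Image=C:\\Windows\\System32\\cmd.exe|ProcessId=5000",
]

# Hypothetical allowlist of source images that legitimately create remote threads.
DEFAULT_ALLOWLIST = {
    "c:\\windows\\system32\\csrss.exe",
}


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Key=Value|Key=Value' record into a dict (constructed format)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields


def classify(event: Dict[str, str], allowlist=DEFAULT_ALLOWLIST) -> Optional[str]:
    """Return a severity for a remote-thread event, or None if it is not of interest."""
    if event.get("EventID") != "8":
        return None  # only CreateRemoteThread records are examined
    if event.get("SourceProcessId") == event.get("TargetProcessId"):
        return None  # thread created in the source's own process is not remote
    if event.get("SourceImage", "").lower() in allowlist:
        return None  # known benign source image
    if not event.get("StartModule"):
        # Start address is not inside any loaded module: code was written into the
        # target rather than resolved from a DLL, the strongest indicator here.
        return "high"
    return "medium"


def scan_events(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, source_pid, target_pid) for every flagged record, in input order."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        event = parse_event(line)
        severity = classify(event)
        if severity is not None:
            findings.append((severity, event["SourceProcessId"], event["TargetProcessId"]))
    return findings


if __name__ == "__main__":
    for severity, src, dst in scan_events(SAMPLE_EVENTS):
        print(f"{severity}: remote thread from PID {src} into PID {dst}")
```

Running the script flags the debugger and the Temp-folder executable and ignores the allowlisted csrss record and the non-thread event. The "no start module" heuristic is deliberately treated as stronger than "LoadLibrary as thread start" because the latter also appears in legitimate tooling and needs the source-image allowlist to stay quiet.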
CFP, EQS and OA all detect it.