Saturday, November 17, 2018
Registry Keys Vulnerable with COM Hijacking

Attackers keep searching for new techniques that let them run a file that looks legitimate but is actually malicious, according to the research team at Cyberbit.
Component Object Model (COM) hijacking, a technique attackers usually use as a persistence mechanism, also has evasion capabilities.

A proof-of-concept experiment run by the Cyberbit research team, detailed in a blog post published today, revealed that the team discovered hundreds of registry keys vulnerable to this attack. By contrast, most modern malware authors who use code injection do so to run their code within the context of a legitimate, whitelisted process, such as a web browser.

The researchers wrote that their findings were alarming. “Another troubling finding is the fact that adding these DLLs doesn’t even require a reboot. Most of the keys were affected immediately upon running the target process, and some keys did not even require execution of the target process, for processes that were already running, such as ‘Explorer.exe.’”

Using this technique, attackers get a completely legitimate load of their malware while evading detection. It is very easy for attackers to implement because it does not require sophisticated code injection, yet the hijacked process still has the privileges to perform sensitive actions, such as connecting to the internet, according to the researchers.

“The purpose of this research was to uncover the scope of the problem, which is often overlooked by security products,” said Meir Brown, the director of research at Cyberbit. “The scope of the risk is wide since we have seen many critical Windows processes which can load COM objects without verification. This generates an easy method of injection and persistence with minimal visibility.”

“The mitigation is to have a security solution which alerts on COM hijacking and to monitor any system error carefully since it may imply COM hijacking,” Brown said.
“In addition, I would suggest carefully monitoring the specific registry keys, like the ones we have presented in our report, which were used to load the popular COM objects.”
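As an added defensive example, not code from the article or from Cyberbit, the read-only PowerShell check below lists per-user COM registrations and flags those that override a machine-wide CLSID or point at a DLL under a user-writable directory, which is the kind of registry monitoring the quote recommends. It assumes the general mechanism of COM hijacking (for a non-elevated process, a CLSID under HKCU\Software\Classes takes precedence over the same CLSID under HKLM), which the article does not spell out, and the list of user-writable roots is an assumption.

```powershell
# Added defensive example (not code from the article or from Cyberbit).
# Assumed mechanism, not stated in the article: for a non-elevated process a
# CLSID registered under HKCU\Software\Classes takes precedence over the same
# CLSID under HKLM, so a per-user InprocServer32 entry can redirect a
# legitimate process to an attacker-chosen DLL. This script only reads the
# registry and lists such per-user entries for a defender to review.

$userClsid    = 'HKCU:\Software\Classes\CLSID'
$machineClsid = 'HKLM:\Software\Classes\CLSID'

# Directories an ordinary user can write to (assumed list; extend as needed).
$writableRoots = @($env:USERPROFILE, $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ }

if (-not (Test-Path $userClsid)) {
    Write-Host 'No per-user CLSID key present; nothing to check.'
    return
}

$findings = foreach ($key in Get-ChildItem -Path $userClsid -ErrorAction SilentlyContinue) {
    $clsid  = $key.PSChildName
    $inproc = "$userClsid\$clsid\InprocServer32"
    if (-not (Test-Path $inproc)) { continue }

    # The (default) value of InprocServer32 is the DLL the COM runtime will load.
    $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    if (-not $dll) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))

    $userWritable = [bool]($writableRoots | Where-Object {
        $dll.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

    [pscustomobject]@{
        CLSID        = $clsid
        Dll          = $dll
        DllExists    = Test-Path -LiteralPath $dll
        ShadowsHKLM  = Test-Path "$machineClsid\$clsid"   # overrides a machine-wide object
        UserWritable = $userWritable
    }
}

# Entries that both shadow an HKLM object and load from a user-writable path
# are the ones to investigate first.
$findings | Sort-Object ShadowsHKLM, UserWritable -Descending | Format-Table -AutoSize
```

Legitimate software does register per-user COM objects, so a hit is a lead for review, not proof of compromise.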

About Jahanzaib Khan

Jahanzaib Khan is the CEO of JahaSoft.Pk, a web development, digital marketing and web hosting company based in Pakistan. https://www.JahaSoft.pk
