AtomBombing exposes Windows users to cyberattacks

A new code injection method is reported to expose all Windows users to a potential cyberattack. The method, dubbed AtomBombing, was discovered by cybersecurity company enSilo. AtomBombing can currently bypass any security measures a user may have on their system by exploiting the Windows atom tables, where important system and app data is located. enSilo says that attackers can write their malicious code into these tables and coast right past any security programs that are in place.

“For example, let’s say an attacker was able to persuade a user to run a malicious executable, evil.exe. Any kind of decent application level firewall installed on the computer would block that executable’s communication. To overcome this issue, evil.exe would have to find a way to manipulate a legitimate program, such as a web browser, so that the legitimate program would carry out communication on behalf of evil.exe.”

“AtomBombing uses legitimate OS mechanisms and features to perform and hide malicious activity. The greatest concern is that when attackers are motivated they will always find creative techniques such as this one.

Since it’s new and has not yet been marked as malicious, this method will easily bypass any security product that attempts to heuristically block malicious activity. Recognizing that compromise is inevitable, organizations should consider a security strategy that assumes that attackers are already inside.”

AtomBombing is currently able to bypass antivirus software because those products do not yet have code to detect it. Microsoft is aware of the issue and is basically warning people to take care with their browsing habits and what they click, which is what everyone should already be doing anyway.

“To help avoid malware infection, we encourage our customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. A user’s system must already be compromised before malware can utilize code-injection techniques. For more information on protecting computers against malware, please visit microsoft.com/protect/pc.”

  Source: ZDNet