In the last few days, Nettitude’s threat intelligence platform has picked up a mass phishing campaign – involving the distribution of nearly two million individual emails – targeting HMRC customers.
At Nettitude we collect a large number of malware binary samples from our honeypot network, from our customers and from incident response engagements. One of the first steps we take is to calculate the MD5 hash of each sample and compare it against known samples; unknown samples are then passed to an analyst for further examination.
Hooking can be used by legitimate software for reverse engineering, for example to examine the user-mode function calls that a malicious program is making.
In a previous blog post I gave a high-level overview of DLL injection, what it is used for and how it might be achieved.