Friday, January 06, 2006
Fighting malware by controlling process creation Part 1

I've decided it's time to fight back and provide some tools for people to fight malware.

The first step to fighting it on your machine (this article is geared to the more technical crowd) is being able to stop it from loading, replicating, and communicating.

1. Always review your firewall rules.

2 . Process Creation

 

NtCreateSection

MiFindImageSectionObject

MiLockPfnDatabase

MiInsertImageSectionObject

MiCreateImageFileMap

NtCreateProcessEx

MmCreateProcessAddressSpace

MmCreatePeb

BasePushProcessParameters

BaseCreateStack

 

1/6/2006 10:45:53 PM (Eastern Standard Time, UTC-05:00)  #    Disclaimer  |  Comments [0]  |  Trackback
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):