Security experts have discovered a way to inject malicious code into Windows 10, and presumably any other active version of the operating system. The process, which they have nicknamed “Atombombing”, does not rely on exploiting bugs or bad code in the OS and simply works through the way in which the OS is designed and functions. As such, it circumvents security software and there can be no way to patch the OS unless the vulnerable sections of code are redesigned.
This discovery reinforces the need for users to be more savvy about how they use their computers: not to stick USB drives in their ports willy-nilly, to make sure they have a malware-advisory plugin running to prevent them visiting dodgy websites, and not to download software or other digital goods from pirate sites.
Ensilo explains that the exploit is associated with atom tables, an underlying Windows mechanism that allows applications to store and access data. Windows’ atom tables also share data between applications. “What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table,” Ensilo says. “We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.”
Malicious code might be software that renders your computer unusable, deletes your photos and documents, encrypts them and demands a ransom for their release, or makes your PC into a zombie running other malware as part of a botnet. Such botnets are used to carry out distributed denial of service (DDoS) attacks on the internet to shut down websites, or to allow hackers to gain entry to password vaults or bank client lists.