We encountered exact copies of the hostname as it was given to the application, as well as all-uppercase incarnations of the same value in ASCII representation.

The scheme is simplified to consist of only two indirection layers instead of three if 4 MB pages are used.

on this sample, but none of them was able to detect this threat

is tainted, and lines 10-12 are repeated until the whole string is copied to the memory-mapped section.

In this thesis we combine techniques that have been used throughout the community in the past to create a novel approach to detect a special form of these threats: the so-called Malicious Browser Helper Objects.

as source code or as binary image