Blog Posts Tagged with "Rootkits"
September 23, 2012 Added by: Andrew Case
In order to have samples to test against, I used the sample provided by SecondLook on their Linux memory images page, and I also loaded the Jynx2 rootkit against a running netcat process in my Debian virtual machine that was running the 2.6.32-5-686 32-bit kernel...
September 18, 2012 Added by: Andrew Case
KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user defined prefix...
September 16, 2012 Added by: Andrew Case
This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...
May 21, 2012 Added by: Bill Gerneglia
As the severity of cyber-crimes continues to grow, it’s important to understand the types of malware involved and how they work. Many forms of malware might be familiar, but they evolve as countermeasures force adaptation. Today, the adaptation is driven by professional criminals...
February 24, 2012 Added by: Eric Cissorsky
The deadline should be treated as an opportunity for your organization to learn and refine their processes and procedures. Like any other virus outbreak, this requires a coordinated effort between security professionals, systems administrators and other stakeholders...
December 28, 2011 Added by: Pierluigi Paganini
These are works in progress and they will be improved with components developed to attack strategic targets. Which are the features that we believe may be present in future versions of these dreaded malware? Asking yourself this question is crucial to guide research...
December 07, 2011 Added by: Emmett Jorgensen
There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside. Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels...
November 17, 2011 Added by: Headlines
“Why go to all this trouble to deploy a simple key-logger? Given that there are additional drivers waiting to be discovered, we can liken Duqu to a sophisticated rocket launcher – we have yet to see the real ammunition appear..."
July 26, 2011 Added by: Robert Siciliano
In February alone, approximately 2.75 million new malware samples were recorded. Fake antivirus software had an active quarter as well, reaching its highest levels in more than a year, with 350,000 unique samples recorded in March. Mobile malware is the new frontier of cybercrime...
July 19, 2011 Added by: Kevin McAleavey
One of the more useful tools for Windows clients was a product called "Steady State." It allowed a system to be "snapshotted" and in the event of malware intrusion, a reboot would restore the client to its previous snapshot. But like most good ideas, Microsoft discontinued it...
July 17, 2011 Added by: Kevin McAleavey
Client-side "layered security" is a mess. It fails because people are so irritated by all the alerts that they don't understand. They no longer trust their security arrangements, and when they visit a site that offers a rogue antivirus and no alert pops up, they let it run for a second opinion...
July 07, 2011 Added by: Kevin McAleavey
TDL4 has publicly caused the security industry to transition into full panic mode and literally throw in the towel as the solution to this and other malware continues to elude the industry according to widespread reports, while our attention was distracted by the kiddie wars on the Lulzboat...
June 30, 2011 Added by: Headlines
“The development of TDSS will continue. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze..."
June 10, 2011 Added by: Lee Munson
Most of these questions will seem like common sense, but make sure that you look at your booklet before the test and give the answer they want. A lot of us may have different ways of dealing with clients, but if you want to pass your test, give the answer that they want you to give...
June 07, 2011 Added by: Headlines
"If the victim computer is located on a network using the DHCP protocol, the worm starts scanning the network to see if there are any available IP addresses. After that, the worm launches its own DHCP server and starts listening to the network..."
March 24, 2011 Added by: Pascal Longpre
Documents leaked in the attack on HBGary shed light on numerous rootkit technologies designed to evade or bypass mainstream detection software and circumvent protections thought to be unbreakable by design. Malware like this also renders disk encryption, DLP and SIEM solutions mostly irrelevant...