Blog Posts Tagged with "Rootkits"


Analyzing Jynx and LD_PRELOAD Based Rootkits

September 23, 2012 Added by: Andrew Case

In order to have samples to test against, I used the sample provided by SecondLook on their Linux memory images page, and I also loaded the Jynx2 rootkit against a running netcat process in my Debian virtual machine that was running the 2.6.32-5-686 32-bit kernel...


Analyzing the KBeast Rootkit and Detecting Hidden Modules with Volatility

September 18, 2012 Added by: Andrew Case

KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user defined prefix...


Analyzing the Average Coder Rootkit, Bash History, and Elevated Processes with Volatility

September 16, 2012 Added by: Andrew Case

This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...


Malware Threats: Save Your Company Now

May 21, 2012 Added by: Bill Gerneglia

As the severity of cyber-crimes continues to grow, it’s important to understand the types of malware involved and how they work. Many forms of malware might be familiar, but they evolve as countermeasures force adaptation. Today, the adaptation is driven by professional criminals...


DNSChanger, March 8th and You

February 24, 2012 Added by: Eric Cissorsky

The deadline should be treated as an opportunity for your organization to learn and refine their processes and procedures. Like any other virus outbreak, this requires a coordinated effort between security professionals, systems administrators and other stakeholders...


The Next Cyber Weapon: Hypothesis on Stuxnet Three

December 28, 2011 Added by: Pierluigi Paganini

These are works in progress and they will be improved with components developed to attack strategic targets. Which are the features that we believe may be present in future versions of these dreaded malware? Asking yourself this question is crucial to guide research...


Importance of a Secure Supply Chain in Selecting IT Vendors

December 07, 2011 Added by: Emmett Jorgensen

There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside. Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels...


Duqu May Actually Be An Advanced Cyber Weapon

November 17, 2011 Added by: Headlines

“Why go to all this trouble to deploy a simple key-logger? Given that there are additional drivers waiting to be discovered, we can liken Duqu to a sophisticated rocket launcher – we have yet to see the real ammunition appear...”


McAfee Reports Most Malware Ever in Early 2011

July 26, 2011 Added by: Robert Siciliano

In February alone, approximately 2.75 million new malware samples were recorded. Fake antivirus software had an active quarter as well, reaching its highest levels in more than a year, with 350,000 unique samples recorded in March. Mobile malware is the new frontier of cybercrime...


Solving The End User Problem

July 19, 2011 Added by: Kevin McAleavey

One of the more useful tools for Windows clients was a product called "Steady State." It allowed a system to be "snapshotted" and in the event of malware intrusion, a reboot would restore the client to its previous snapshot. But like most good ideas, Microsoft discontinued it...


Seven Security Blankets and I'm Still Short-Sheeted

July 17, 2011 Added by: Kevin McAleavey

Client-side "layered security" is a mess. It fails because people are so irritated by all the alerts that they don't understand. They no longer trust their security arrangements, and when they visit a site that offers a rogue antivirus and no alert pops up, they let it run for a second opinion...


Throwing in the Towel: The Sorry State of Client Security

July 07, 2011 Added by: Kevin McAleavey

TDL4 has publicly caused the security industry to transition into full panic mode and literally throw in the towel as the solution to this and other malware continues to elude the industry according to widespread reports, while our attention was distracted by the kiddie wars on the Lulzboat...


Researchers Uncover 4.5 Million Device Super-Botnet

June 30, 2011 Added by: Headlines

“The development of TDSS will continue. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze...”


Questions Likely to be Asked on a Security Certification

June 10, 2011 Added by: Lee Munson

Most of these questions will seem like common sense but make sure that you look at your booklet before the test and give the answer they want. A lot of us may have different ways of dealing with clients but if you want to pass your test, give the answer that they want you to give...


TDSS Rootkit Boasts Self-Propagating Mechanisms

June 07, 2011 Added by: Headlines

"If the victim computer is located on a network using the DHCP protocol, the worm starts scanning the network to see if there are any available IP addresses. After that, the worm launches its own DHCP server and starts listening to the network..."


HBGary Rootkits: Catch Me If You Can!

March 24, 2011 Added by: Pascal Longpre

Documents leaked in the attack on HBGary shed light on numerous rootkit technologies designed to evade or bypass mainstream detection software and circumvent protections thought to be unbreakable by design. Malware like this also renders disk encryption, DLP and SIEM solutions mostly irrelevant...
