Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication
Field | Value
---|---
Botnet | Avatar
Date | 2013-05-01
Editor/Conference | ESET
Link | http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/ (Archive copy)
Author | Aleksandr Matrosov
Type | Blogpost
Abstract
“The story of the mysterious malware detected by ESET as Win32/Rootkit.Avatar began in February 2013, when some adverts for this rootkit leaked from Russian cybercrime forums (http://pastebin.com/maPY7SS8). This information produced some heated discussions in the malware research community; however, a sample of the Avatar rootkit was not found and published until now. In this blog we present an in-depth analysis of the Win32/Rootkit.Avatar family, which has some surprising features and is currently available for sale or rent in the crimeware marketplace.”
Bibtex
@misc{2013BFR1325,
  editor = {ESET},
  author = {Aleksandr Matrosov},
  title = {Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C\&C communication},
  day = {01},
  month = may,
  year = {2013},
  howpublished = {\url{http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/}},
}