Revision as of 16:22, 7 February 2015
RootSmart malware utilizes GingerBreak root exploit | |
---|---|
Botnet | |
Malware | RootSmart |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 3 February 2012 |
Editor/Conference | CS State University |
Link | http://www.csc.ncsu.edu/faculty/jiang/RootSmart/ |
Author | Xuxian Jiang |
Type |
Abstract
“Different from GingerMaster, this new malware does not directly embed the root exploit inside the app. Instead, it dynamically fetches the GingerBreak root exploit from a remote server and then executes it to escalate its privilege. Such an attack is reminiscent of an earlier proof-of-concept app called RootStrap that was written by Jon Oberheide to demonstrate such capability. But RootSmart seriously substantiates this threat as the first such malware in the wild. It also reminds one of the earlier Plankton spyware. But Plankton does not contain any root exploit.”
Bibtex
@misc{2012BFR846,
  editor = {CS State University},
  author = {Xuxian Jiang},
  title = {RootSmart malware utilizes GingerBreak root exploit},
  year = {2012},
  howpublished = {\url{http://www.csc.ncsu.edu/faculty/jiang/RootSmart/}},
}