Difference between revisions of "A chat with NGR Bot"

From Botnets.fr
Jump to navigation Jump to search
m (1 revision imported)
 
 
Line 1: Line 1:
{{Publication
{{Publication
|Image=A Chat With NGR Bot.png
|Image=A Chat With NGR Bot.png
|Legend=
|Botnet=Dorkbot,
|Malware=,
|CCProtocol=,
|Operation=,
|Year=2012
|Date=2012-06-13
|Editor=InfoSec Institude
|Link=http://resources.infosecinstitute.com/ngr-rootkit/
|Author=Chong Rong Hwa,
|Abstract=NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution (see image below for the impact analysis). This article aims to provide some technical insights of this NGR Bot V1.0.3 sample (MD5 “1CA4E2F3C8C327F8D823EB0E94896538″) on the following topics: (1) Encryption & tampering detection mechanism, (2) Functionalities, (3) Hooking technique, and the (4) Architecture Set-up for communicating with this malware.
|Document=
|Document=
|Licence=
|Licence=
|Video=
|Video=
|Link=http://resources.infosecinstitute.com/ngr-rootkit/ resources.infosecinstitute.com
|Author=Chong Rong Hwa,
|NomRevue=
|NomRevue=
|Date=June 13, 2012
|Editor=InfoSec Institude
|Year=2012
|ISBN=
|ISBN=
|Page=
|Page=
|Abstract=NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution (see image below for the impact analysis). This article aims to provide some technical insights of this NGR Bot V1.0.3 sample (MD5 “1CA4E2F3C8C327F8D823EB0E94896538″) on the following topics: (1) Encryption & tampering detection mechanism, (2) Functionalities, (3) Hooking technique, and the (4) Architecture Set-up for communicating with this malware.
|Keyword=,
|Botnet=Dorkbot,
|Malware=,
|CCProtocol=,
|Operation=,
|Keyword=,  
}}
}}

Latest revision as of 21:26, 5 August 2015

(Publication) Google search: [1]

A chat with NGR Bot
A Chat With NGR Bot.png
Botnet Dorkbot
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-06-13
Editor/Conference InfoSec Institude
Link http://resources.infosecinstitute.com/ngr-rootkit/ (Archive copy)
Author Chong Rong Hwa
Type

Abstract

NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution (see image below for the impact analysis). This article aims to provide some technical insights of this NGR Bot V1.0.3 sample (MD5 “1CA4E2F3C8C327F8D823EB0E94896538″) on the following topics: (1) Encryption & tampering detection mechanism, (2) Functionalities, (3) Hooking technique, and the (4) Architecture Set-up for communicating with this malware.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1039,
   editor = {InfoSec Institude},
   author = {Chong Rong Hwa},
   title = {A chat with NGR Bot},
   date = {13},
   month = Jun,
   year = {2012},
   howpublished = {\url{http://resources.infosecinstitute.com/ngr-rootkit/}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=A_chat_with_NGR_Bot&oldid=5653"