Crisis for Windows sneaks onto virtual machines
Revision as of 21:31, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " août " to " aug")
(Publication) Google search: [1]
| Crisis for Windows sneaks onto virtual machines | |
|---|---|
| |
| Botnet | Crisis |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 20 aug2012 |
| Editor/Conference | Symantec |
| Link | http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines www.symantec.com (www.symantec.com Archive copy) |
| Author | Takashi Katsuki |
| Type | |
Abstract
“ Symantec reported new malware for Mac last month that we called OSX.Crisis. Kaspersky then reported that it arrives on the compromised computer through a JAR file by using social engineering techniques.
The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer. However, we found two special functions in the Windows version of the threat that Symantec detects as W32.Crisis.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1118,
editor = {Symantec},
author = {Takashi Katsuki},
title = {Crisis for Windows sneaks onto virtual machines},
date = {20},
month = Aug,
year = {2012},
howpublished = {\url{http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines www.symantec.com}},
}