Difference between revisions of "Darkmegi: this is not the Rootkit you’re looking for"
m (1 revision imported) |
m (Text replacement - " blogs.mcafee.com" to "") |
||
Line 5: | Line 5: | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|Link=http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for | |Link=http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for | ||
|Author=Craig Schmugar, | |Author=Craig Schmugar, | ||
|NomRevue=McAfee Blog Central | |NomRevue=McAfee Blog Central |
Latest revision as of 22:04, 5 August 2015
(Publication)
Darkmegi: this is not the Rootkit you’re looking for | |
---|---|
Botnet | |
Malware | Darkmegi |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / Monday, April 16, 2012 |
Editor/Conference | McAfee |
Link | http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for (Archive copy) |
Author | Craig Schmugar |
Type |
Abstract
“Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses a kernel rootkit component to maintain a stronghold on infected systems.”
Bibtex
@misc{2012BFR989,
  editor = {McAfee},
  author = {Craig Schmugar},
  title = {Darkmegi: this is not the Rootkit you’re looking for},
  date = {16},
  month = Apr,
  year = {2012},
  howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for}},
}