Darkmegi: this is not the Rootkit you’re looking for
Darkmegi: this is not the Rootkit you’re looking for | |
---|---|
Botnet | |
Malware | Darkmegi |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / Monday, April 16, 2012 |
Editor/Conference | McAfee |
Link | http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for (Archive copy) |
Author | Craig Schmugar |
Type |
Abstract
“Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses a kernel rootkit component to maintain a stronghold on infected systems.”
Bibtex
@misc{2012BFR989,
  editor = {McAfee},
  author = {Craig Schmugar},
  title = {Darkmegi: this is not the Rootkit you’re looking for},
  date = {16},
  month = Apr,
  year = {2012},
  howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for}},
}