Darkmegi: this is not the Rootkit you’re looking for
Revision as of 22:04, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " blogs.mcafee.com" to "")
(Publication) Google search: [1]
| Darkmegi: this is not the Rootkit you’re looking for | |
|---|---|
| Botnet | |
| Malware | Darkmegi |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / Monday, April 16, 2012 |
| Editor/Conference | McAfee |
| Link | http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for (Archive copy) |
| Author | Craig Schmugar |
| Type | |
Abstract
“ Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses a kernel rootkit component to maintain a stronghold on infected systems.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR989,
editor = {McAfee},
author = {Craig Schmugar},
title = {Darkmegi: this is not the Rootkit you’re looking for},
date = {16},
month = Apr,
year = {2012},
howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for}},
}