Leouncia - Yet another backdoor

From Botnets.fr
Revision as of 21:50, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " blog.fireeye.com" to "")

Botnet: Leouncia
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2010 / 2010-12-14
Editor/Conference: FireEye
Link: http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html
Author: Atif Mushtaq
Type:

Abstract

This is the second article in a row where I am going to disclose the presence of another new backdoor malware. I have recently seen this backdoor emerging on the threat landscape while investigating some targeted attacks. I named this malware Leouncia. Why? I'll make it clear later.

Like VinSelf, Leouncia is a powerful backdoor that is designed to take complete control over the infected machine. In terms of code base, both malware look very different, but during my investigation, I found some definite design similarities. I also found additional evidence that is sufficient to link the botnet operators behind these two malware.

Bibtex

 @misc{2010BFR1204,
   editor = {FireEye},
   author = {Atif Mushtaq},
   title = {Leouncia - Yet another backdoor},
   day = {14},
   month = Dec,
   year = {2010},
   howpublished = {\url{http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html}},
 }