Leouncia - Yet another backdoor
Revision as of 21:50, 5 August 2015 by Eric.freyssinet
Leouncia - Yet another backdoor | |
---|---|
Botnet | Leouncia |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2010 / 2010-12-14 |
Editor/Conference | FireEye |
Link | http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html (Archive copy) |
Author | Atif Mushtaq |
Type |
Abstract
“This is the second article in a row where I am going to disclose the presence of another new backdoor malware. I have recently seen this backdoor emerging on the threat landscape while investigating some targeted attacks. I named this malware Leouncia. Why? I'll make it clear later.
Like VinSelf, Leouncia is a powerful backdoor that is designed to take complete control over the infected machine. In terms of code base, both malware look very different, but during my investigation, I found some definite design similarities. I also found additional evidence that is sufficient to link the botnet operators behind these two malware.”
Bibtex
@misc{2010BFR1204,
  editor = {FireEye},
  author = {Atif Mushtaq},
  title = {Leouncia - Yet another backdoor},
  date = {14},
  month = Dec,
  year = {2010},
  howpublished = {\url{http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html}},
}