MoVP 1.3 Desktops, heaps, and ransomware
MoVP 1.3 Desktops, heaps, and ransomware | |
---|---|
Botnet | Accdfisa, Tigger |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-09-12 |
Editor/Conference | Volatility labs |
Link | http://volatility-labs.blogspot.com.es/2012/09/movp-13-desktops-heaps-and-ransomware.html (Archive copy) |
Author | Michael Hale Ligh |
Type | Blogpost |
Abstract
“The MoVP 1.3 plugin, named deskscan, enumerates desktops, desktop heap allocations, and associated threads. In the GUI landscape, a desktop is essentially a container for application windows and user interface objects. Malware utilizes desktops in various ways, from launching applications in alternate desktops (i.e. so the current logged-on user doesn't see) to ransomware that locks users out of their own desktop. We'll see some examples of both in this post.”
Bibtex
@misc{2012BFR313,
  editor = {Volatility labs},
  author = {Michael Hale Ligh},
  title = {MoVP 1.3 Desktops, heaps, and ransomware},
  date = {12},
  month = Sep,
  year = {2012},
  howpublished = {\url{http://volatility-labs.blogspot.com.es/2012/09/movp-13-desktops-heaps-and-ransomware.html}},
}