Difference between revisions of "Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - "/ www." to "/ |Site=www.") |
||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=Blogpost | |Type=Blogpost | ||
|Link=http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/ www.welivesecurity.com | |Link=http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/ | ||
|Site=www.welivesecurity.com | |||
|Author=Aleksandr Matrosov | |Author=Aleksandr Matrosov | ||
|NomRevue=We Live Security | |NomRevue=We Live Security | ||
Latest revision as of 12:57, 31 July 2015
(Publication) Google search: [1]
| Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication | |
|---|---|
| Botnet | Avatar |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-05-01 |
| Editor/Conference | ESET |
| Link | http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/ (Archive copy) |
| Author | Aleksandr Matrosov |
| Type | Blogpost |
Abstract
“ The story of the mysterious malware detected by ESET as Win32/Rootkit.Avatar began in February 2013 when some adverts for this rootkit leaked from Russian cybercrime forums (http://pastebin.com/maPY7SS8). This information produced some heated discussions in the malware research community, however a sample of the Avatar rootkit was not found and published, until now. In this blog we present an in-depth analysis of the Win32/Rootkit.Avatar family, which has some surprising features, and is currently available for sale or rent in the crimeware marketplace.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1325,
editor = {ESET},
author = {Aleksandr Matrosov},
title = {Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication},
date = {01},
month = May,
year = {2013},
howpublished = {\url{http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/}},
}