Difference between revisions of "Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication"
Latest revision as of 12:57, 31 July 2015
| Field | Value |
|---|---|
| Title | Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication |
| Botnet | Avatar |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-05-01 |
| Editor/Conference | ESET |
| Link | http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/ |
| Author | Aleksandr Matrosov |
| Type | Blogpost |
Abstract
The story of the mysterious malware detected by ESET as Win32/Rootkit.Avatar began in February 2013, when some adverts for this rootkit leaked from Russian cybercrime forums (http://pastebin.com/maPY7SS8). This information produced some heated discussions in the malware research community; however, a sample of the Avatar rootkit was not found and published, until now. In this blog we present an in-depth analysis of the Win32/Rootkit.Avatar family, which has some surprising features and is currently available for sale or rent in the crimeware marketplace.
Bibtex
@misc{2013BFR1325,
  editor = {ESET},
  author = {Aleksandr Matrosov},
  title = {Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication},
  date = {01},
  month = May,
  year = {2013},
  howpublished = {\url{http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/}},
}