Analysis of DarkMegi aka NpcDark

From Botnets.fr


Botnet: DarkMegi
Date: 2012 / 2012-04-20
Editor/Conference: StopMalvertising
Link: http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html (Archive copy)
Author: Kimberly
Type: Blogpost

Abstract

According to the analysis performed by McAfee Labs, DarkMegi was the first known threat delivered through CVE-2012-0003 (MIDI Remote Code Execution Vulnerability). DarkMegi has also been distributed via the Gong Da Pack exploit kit and, more recently, via the Blackhole exploit kit.

DarkMegi is complex and difficult to analyze; it involves more than just dropping a usermode component (com32.dll) and a kernel driver (com32.sys) on the victim's computer.

Bibtex

@misc{Kimberly2012BFR4770,
  editor = {StopMalvertising},
  author = {Kimberly},
  title = {Analysis of DarkMegi aka NpcDark},
  date = {20},
  month = Apr,
  year = {2012},
  howpublished = {\url{http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html}},
}