Analysis of DarkMegi aka NpcDark
| Analysis of DarkMegi aka NpcDark | |
|---|---|
| Botnet | DarkMegi |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-04-20 |
| Editor/Conference | StopMalvertising |
| Link | http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html |
| Author | Kimberly |
| Type | Blogpost |
Abstract
“According to the analysis performed by McAfee Labs, DarkMegi was the first known threat delivered through the CVE-2012-0003 - MIDI Remote Code Execution Vulnerability. DarkMegi has also been distributed via the Gong Da Pack exploit kit and more recently via the Blackhole Exploit kit.
DarkMegi is complex and difficult to analyze; it involves more than just dropping a usermode component (com32.dll) and a kernel driver (com32.sys) on the victim’s computer.”
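The abstract names the two components DarkMegi drops, a usermode DLL (com32.dll) and a kernel driver (com32.sys). The following is an added example, not code from the original post or from the catalogue, showing how a responder would sweep a file or driver-load inventory for those two names. The inventory paths are constructed for the example; the post does not state where on disk the components are written, so the locations below are assumptions, not indicators.

```python
import ntpath

# The two dropped components named in the abstract (names only; drop locations
# are not given in the source, so matching is done on the file name alone).
DARKMEGI_COMPONENTS = {"com32.dll", "com32.sys"}


def darkmegi_component_hits(paths):
    """Return (matched name, original path) for every entry whose file name is a
    DarkMegi component. Matching is case-insensitive and tolerates both Windows
    and POSIX separators, since inventories and logs mix the two."""
    hits = []
    for p in paths:
        name = ntpath.basename(p.replace("/", "\\")).lower()
        if name in DARKMEGI_COMPONENTS:
            hits.append((name, p))
    return hits


# Constructed sample inventory (not from the original post): file listing plus
# driver image paths as an endpoint agent or driver-load log might present them.
# The locations of the com32.* entries are hypothetical.
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\COM32.SYS",
    r"C:\Windows\System32\com32.dll",
    r"C:\Windows\System32\comctl32.dll",   # legitimate, must not match
    "C:/Windows/System32/drivers/com32.sys",
]

if __name__ == "__main__":
    for name, path in darkmegi_component_hits(SAMPLE_INVENTORY):
        print(f"DarkMegi component {name}: {path}")
```

A file-name match is only a first-pass indicator: the post stresses that the rootkit does more than drop these two files, and a renamed copy would evade this check entirely, so a hit should trigger a look at the loaded-driver list and the process that loaded the DLL rather than stand as the verdict.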
Bibtex
@misc{2012BFR4770,
  editor = {StopMalvertising},
  author = {Kimberly},
  title = {Analysis of DarkMegi aka NpcDark},
  day = {20},
  month = apr,
  year = {2012},
  howpublished = {\url{http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html}},
}