Darkmegi: this is not the Rootkit you’re looking for

From Botnets.fr


Malware: Darkmegi
Date: 2012 / Monday, April 16, 2012
Editor/Conference: McAfee
Link: http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for (Archive copy)
Author: Craig Schmugar

Abstract

Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses a kernel rootkit component to maintain a stronghold on infected systems.

Bibtex

 @misc{Schmugar2012BFR989,
   editor = {McAfee},
   author = {Craig Schmugar},
   title = {Darkmegi: this is not the Rootkit you’re looking for},
   date = {16},
   month = Apr,
   year = {2012},
   howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for}},
 }