Darkmegi: this is not the Rootkit you’re looking for
Jump to navigation
Jump to search
(Publication) Google search: [1]
Darkmegi: this is not the Rootkit you’re looking for | |
---|---|
Botnet | |
Malware | Darkmegi |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / Monday, April 16, 2012 |
Editor/Conference | McAfee |
Link | http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for (Archive copy) |
Author | Craig Schmugar |
Type |
Abstract
“ Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses a kernel rootkit component to maintain a stronghold on infected systems.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR989, editor = {McAfee}, author = {Craig Schmugar}, title = {Darkmegi: this is not the Rootkit you’re looking for}, date = {16}, month = Apr, year = {2012}, howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for}}, }