It’s not the end of the world: DarkComet misses by a mile
It’s not the end of the world: DarkComet misses by a mile | |
---|---|
Botnet | DarkComet |
Date | 2012 / 16 March 2012 |
Editor/Conference | Arbor Networks |
Link | http://ddos.arbornetworks.com/2012/03/its-not-the-end-of-the-world-darkcomet-misses-by-a-mile/ (Archive copy) |
Author | Jeff Edwards |
Abstract
“This blog post is the fourth installment in our ongoing series of articles exploring the crypto systems commonly found in various DDoS malware families. Previous subjects have included Armageddon, Khan (now believed to be a very close “cousin” of Dirt Jumper version 5), and PonyDOS. Today we’ll be diving deep into the details of the DarkComet RAT’s crypto. Over the last several months, we have encountered a large number of unique DarkComet samples – over a thousand and counting. DarkComet, also known as Trojan.Fynloski, is primarily a general purpose remote access trojan (RAT). Its capabilities support quite an extensive laundry list of mischief, including but not limited to key logging, web cam (and sound card) spying, deleting victim files, scanning ports, hijacking MSN sessions, etc.”
Bibtex
@misc{2012BFR940,
  editor = {Arbor Networks},
  author = {Jeff Edwards},
  title = {It’s not the end of the world: DarkComet misses by a mile},
  date = {17},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://ddos.arbornetworks.com/2012/03/its-not-the-end-of-the-world-darkcomet-misses-by-a-mile/}},
}