Leouncia - Yet another backdoor
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Leouncia - Yet another backdoor | |
|---|---|
| Botnet | Leouncia |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2010 / 2010-12-14 |
| Editor/Conference | FireEye |
| Link | http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html (Archive copy) |
| Author | Atif Mushtaq |
| Type | |
Abstract
“ This is the second article in a row where I am going to disclose the presence of another new backdoor malware. I have recently seen this backdoor emerging on the threat landscape while investigating some targeted attacks. I named this malware Leouncia. Why? I'll make it clear later.
Like VinSelf, Leouncia is a powerful backdoor that is designed to take complete control over the infected machine. In terms of code base, both malware look very different, but during my investigation, I found some definite design similarities. I also found additional evidence that is sufficient to link the botnet operators behind these two malware.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR1204,
editor = {FireEye},
author = {Atif Mushtaq},
title = {Leouncia - Yet another backdoor},
date = {14},
month = Dec,
year = {2010},
howpublished = {\url{http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html}},
}