RootSmart malware utilizes GingerBreak root exploit

From Botnets.fr

Malware: RootSmart
Date: 2012 / 3 February 2012
Editor/Conference: CS State University
Link: http://www.csc.ncsu.edu/faculty/jiang/RootSmart/
Author: Xuxian Jiang

Abstract

Different from GingerMaster, this new malware does not directly embed the root exploit inside the app. Instead, it dynamically fetches the GingerBreak root exploit from a remote server and then executes it to escalate its privilege. Such an attack is reminiscent of an earlier proof-of-concept app called RootStrap that was written by Jon Oberheide to demonstrate such capability. But RootSmart seriously substantiates this threat as the first such malware in the wild. It is also reminiscent of the earlier Plankton spyware. But Plankton does not contain any root exploit.

Bibtex

 @misc{2012BFR846,
   editor = {CS State University},
   author = {Xuxian Jiang},
   title = {RootSmart malware utilizes GingerBreak root exploit},
   date = {3 February 2012},
   month = {February},
   year = {2012},
   howpublished = {\url{http://www.csc.ncsu.edu/faculty/jiang/RootSmart/}},
 }