lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <438077FC.80A8CE0@worldonline.de> Date: Sun Nov 20 13:20:19 2005 From: api at worldonline.de (Axel Pettinger) Subject: unknown windows rootkit > sk / GroundZero wrote: > > We found what seems to be a unknown rootkit on a > customer system which was windows 2000 sp4. > It is a kernel resident infector as it installs itself as > hidden device driver operating in kernel level to hide > its directories and programs aswell as network connections. > For our research we named it Win32/McSport-A. The family name of your rootkit trojan is "Apropos". It seems to belong to the Adware/Spyware category. > More Detailed informations aswell as removal instructions > can be found here: http://www.groundzero-security.com/mcsport.html Description of other Apropos variants: http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.c.html http://vil.nai.com/vil/content/v_134133.htm Regards, Axel Pettinger