Message-ID: <054c01cd49a3$0b535540$21f9ffc0$@com>
Date: Wed, 13 Jun 2012 15:28:07 -0500
From: "Adam Behnke" <adam@...osecinstitute.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: A Chat With The NGR Bot

NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that
could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was
designed with the intention to steal digital identity, perform denial of
service, and manipulate the domain name resolution.

It spreads via Recycler bin social engineering as well as by hooking into
social networking sites.

This article aims to provide some technical insights into this NGR Bot V1.0.3
sample (MD5 "1CA4E2F3C8C327F8D823EB0E94896538") on the following topics:

(1) Encryption & tampering detection mechanism
(2) Functionalities
(3) Hooking technique
(4) Architecture Set-up for communicating with this malware

To view the entire article, go here:
http://resources.infosecinstitute.com/ngr-rootkit/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
