| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEU_RJApoofp1brPsNE_B+bAZ3TgbUHVm3aa2-kRbFGY4PfBKw@mail.gmail.com> Date: Wed, 13 Jun 2012 16:36:54 -0400 From: Alex Buie <abuie@...services.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: A Chat With The NGR Bot I love these posts that troll for visits to someone's site. -- Alex Buie Network Coordinator / Server Engineer KWD Services, Inc Media and Hosting Solutions +1(703)445-3391 +1(480)253-9640 +1(703)919-8090 abuie@...services.com ज़रा On Wed, Jun 13, 2012 at 4:28 PM, Adam Behnke <adam@...osecinstitute.com> wrote: > NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that > could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was > designed with the intention to steal digital identity, perform denial of > service, and manipulate the domain name resolution. > > It spreads via Recycler bin social engineering as well as by hooking into > via social networking sites. > > This article aims to provide some technical insights of this NGR Bot V1.0.3 > sample (MD5 “1CA4E2F3C8C327F8D823EB0E94896538″) on the following topics: > > (1) Encryption & tampering detection mechanism > (2) Functionalities > (3) Hooking technique > (4) Architecture Set-up for communicating with this malware > > To view the entire article, go here: > http://resources.infosecinstitute.com/ngr-rootkit/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists