Learning Goals:
- Practice WinDbg for intercepting driver loading
- Practice IMM for modifying binary code
- Trace and modify control flow using IMM

Applicable to: Operating Systems, Assembly Language, Operating System Security

1. Introduction

One typical feature of Max++ is its ability to hide malicious files in a hidden drive. In this tutorial, we show you how to modify the malware itself to break its h
Get live, hands-on malware analysis training from anywhere, and become a Certified Reverse Engineering Analyst. We are going to start first by taking a look at the Rootkit dropper. In other words, it is the module responsible for loading (dropping) the rootkit. In the case of Avatar, all the "loading" is done in memory. Hence, extra work is needed on the part of the dropper to load DLL modules and
Award-winning news, views, and insight from the ESET security community Bootkit Threat Evolution in 2011 ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011. The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform
TDL3 and ZeroAccess: More of the Same? by Blog Staff | Aug 8, 2011 | Industry Intel, Threat Lab Reading Time: ~ 5 min. By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden
The following statistics were compiled in May using data from computers running Kaspersky Lab products: 242,663,383 network attacks blocked; 71,334,947 attempted web-borne infections prevented; 213,713,174 malicious programs detected and neutralized on users’ computers; 84,287,491 heuristic verdicts registered. Rogue antivirus for Mac OS X In 2010, we saw an overall decrease in the number of rogue