
mythx's blog

MS out of band updates

http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

Chinese malware FTP servers

Found 2 Chinese malware FTP servers.

ftp://luckycn.cn
login: netserv3
password: 43243wen9874

ftp://aosoft.cn
login: netserv3
password: 43243wen9874

happy malware hunting.

Malware using BITS

Didn't do a detailed analysis of this, but it seems to be using BITS to download other malware (which was reported last month, iirc).

MD5: 59213c81bf3af062e3a6291ed2c932bd
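The check a responder wants after a note like this is "which BITS jobs on this box fetched from somewhere they should not have". The block below is an added example, not code from the original post and not related to the sample above: it parses log lines shaped like the Microsoft-Windows-Bits-Client/Operational event 59 message ("BITS started the <job> transfer job that is associated with the <URL> URL") and flags jobs whose download host is a raw IP address or is outside a small allowlist. The exact message wording, the allowlist and the sample lines are assumptions made for the example; the sample lines are constructed, with documentation addresses as hosts.

```python
"""Hunting for BITS jobs that pull from unexpected hosts.

Added example; it is not code from the original post. It parses log lines
shaped like the Microsoft-Windows-Bits-Client/Operational event 59 text
("BITS started the <job> transfer job that is associated with the <URL> URL")
and flags jobs whose download host is a raw IP address or is not on an
allowlist. The message format, the allowlist and SAMPLE_LOG are assumptions
made for this example.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional
from urllib.parse import urlparse

EVENT_RE = re.compile(
    r"BITS started the (?P<job>.+?) transfer job that is associated with the (?P<url>\S+) URL"
)

# Hosts a workstation is expected to fetch from over BITS (assumed allowlist).
ALLOWED_HOST_SUFFIXES = (".windowsupdate.com", ".microsoft.com")


class Finding(NamedTuple):
    job: str
    url: str
    reason: str


def host_is_allowed(host: str) -> bool:
    """Exact match or subdomain of an allowlisted domain."""
    host = host.lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in ALLOWED_HOST_SUFFIXES)


def is_ip_literal(host: str) -> bool:
    """True for a bare IPv4/IPv6 address instead of a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious job-start event, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    job, url = m.group("job"), m.group("url")
    host = urlparse(url).hostname or ""
    if is_ip_literal(host):
        return Finding(job, url, "download from a raw IP address")
    if not host_is_allowed(host):
        return Finding(job, url, f"host {host!r} is not on the allowlist")
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run inspect_line over a log and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f is not None]


# Constructed sample lines; the hosts are documentation/example addresses.
SAMPLE_LOG = [
    "BITS started the WU Client Download transfer job that is associated with "
    "the http://download.windowsupdate.com/msdownload/update/x86/foo.cab URL",
    "BITS started the update transfer job that is associated with "
    "the http://198.51.100.23/dl/svc.exe URL",
    "BITS stopped transferring the WU Client Download transfer job",
    "BITS started the sys32 transfer job that is associated with "
    "the http://example.net/bin/x.exe URL",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[!] job {f.job!r}: {f.reason} ({f.url})")
```

On a live host the same logic applies to whatever `bitsadmin /list /allusers /verbose` or the BITS-Client operational log gives you; the allowlist is the part to tune per environment, since a job on a raw IP or an unknown host is the signal, not BITS use by itself.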

W32.Rinbot.BC - detects VM and OllyDbg's presence

This piece of malware detects the presence of a VM and of OllyDbg.

Antivirus      Version          Last update   Result
AhnLab-V3      2007.5.9.0       05.09.2007    no virus found
AntiVir        7.4.0.15         05.08.2007    BDS/Vanbot.AR
Authentium     4.93.8           05.08.2007    no virus found
Avast          4.7.997.0        05.07.2007    no virus found
AVG            7.5.0.467        05.08.2007    Win32/CryptExe
BitDefender    7.2              05.09.2007    Backdoor.Vanbot.AR
CAT-QuickHeal  9.00             05.08.2007    no virus found
ClamAV         devel-20070416   05.09.2007    no virus found
DrWeb          4.33             05.08.2007    BackDoor.IRC.Sdbot.1335
eSafe          7.0.15.0         05.08.2007    Win32.Rinbot.BC
eTrust-Vet     30.7.3618        05.08.2007    Win32/Nirbot.BD
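A quick way to spot this kind of anti-analysis logic before running a sample is to pull its strings and look for the names such checks leave behind (the OllyDbg window class, the debugger-query imports, the VMware backdoor magic). The block below is an added example, not code from the original post and not taken from the sample: a small strings(1)-style extractor for ASCII and UTF-16LE runs plus an indicator match. The indicator lists and the SAMPLE_BLOB are constructed assumptions; a real sample would be read from disk with `open(path, "rb").read()`.

```python
"""Static triage for anti-debugger / anti-VM indicators.

Added example; it is not code from the original post and not part of the
sample discussed there. It pulls printable ASCII and UTF-16LE strings out
of a binary, the way strings(1) does, and matches them against small
indicator lists for OllyDbg/debugger and virtual-machine checks. The
indicator lists and SAMPLE_BLOB below are constructed assumptions.
"""
import re
from typing import Dict, List

# Strings typically present in a binary that looks for OllyDbg or a debugger.
DEBUGGER_INDICATORS = (
    "OLLYDBG",                     # OllyDbg main window class, used with FindWindowA
    "IsDebuggerPresent",           # kernel32 import
    "CheckRemoteDebuggerPresent",  # kernel32 import
    "NtQueryInformationProcess",   # ntdll import (ProcessDebugPort)
)

# Strings typically present in a binary that looks for a virtual machine.
VM_INDICATORS = (
    "VMXh",        # magic used on the VMware backdoor I/O port
    "VMware",
    "VirtualBox",
    "VBOX",
    "QEMU",
)


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Return printable runs of at least min_len characters (ASCII, then UTF-16LE)."""
    ascii_re = rb"[\x20-\x7e]{%d,}" % min_len
    wide_re = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = [m.group().decode("ascii") for m in re.finditer(ascii_re, blob)]
    found += [m.group().decode("utf-16-le") for m in re.finditer(wide_re, blob)]
    return found


def find_indicators(blob: bytes) -> Dict[str, List[str]]:
    """Map each category to the sorted list of indicators seen in the blob."""
    strings = [s.lower() for s in extract_strings(blob)]
    hits = {"debugger": set(), "vm": set()}
    for category, indicators in (("debugger", DEBUGGER_INDICATORS), ("vm", VM_INDICATORS)):
        for ind in indicators:
            # case-insensitive substring match against every extracted string
            if any(ind.lower() in s for s in strings):
                hits[category].add(ind)
    return {k: sorted(v) for k, v in hits.items()}


def is_evasive(blob: bytes) -> bool:
    """True when the blob carries at least one debugger or VM indicator."""
    hits = find_indicators(blob)
    return bool(hits["debugger"] or hits["vm"])


# Constructed stand-in for a sample: a fake MZ header, an import-table-like
# run of ASCII names, and a UTF-16LE "VMware" string.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"kernel32.dll\x00IsDebuggerPresent\x00FindWindowA\x00OLLYDBG\x00"
    + b"VMXh\x00\x00" + "VMware".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for category, names in find_indicators(SAMPLE_BLOB).items():
        print(f"{category}: {', '.join(names) or '-'}")
    print("evasive:", is_evasive(SAMPLE_BLOB))
```

A hit here is a reason to debug the sample with those checks patched out or under a renamed OllyDbg window, not proof of evasion on its own; packed samples (note the Win32/CryptExe name in the table) hide these strings until unpacked, so run the extractor on a memory dump as well as on the file.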

New technology of rootkits: Unreal

The Unreal rootkit hides its file and driver. It works on NT-based operating systems with NTFS file systems. It does not have a process, so it does not hide processes! It also does not hide registry keys, so no registry keys are hidden! Make sure that you have read this post before you start testing or write anything.

Read the forum post from Sysinternals

Pretty interesting read.
It seems like no rootkit detector is able to detect this.
