by rkhunter
Sat Jul 02, 2011 6:08 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 589189

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

To EP_XOFF:
Do you mean the patch to the export table of kdcom (see chapter 5.3)? But I meant the article's features about P2P network use and kad.dll.
by rkhunter
Sat Jul 02, 2011 5:55 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 589189

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

To EP_XOFF:
Outdated? As I saw it, this new information about the features of the TDL botnet was taken from David Harley's blog, dated 1 July.
by rkhunter
Sat Jul 02, 2011 5:45 pm
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 20200

Re: Popureb rootkit

Here is my small piece of research about this incident:

http://blogs.drweb.com/node/823
by rkhunter
Sat Jul 02, 2011 1:41 pm
Forum: Malware
Topic: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)
Replies: 595
Views: 589189

Re: Rootkit TDL 4 (alias TDSS, Alureon.DX, Olmarik)

Matrosov wrote on Twitter that ESET updated the info about the TDL botnet - http://www.eset.com/us/resources/white- ... of_TDL.pdf
=)
by rkhunter
Fri Jul 01, 2011 1:27 pm
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 20200

Re: Popureb rootkit

by rkhunter
Thu Jun 30, 2011 9:25 am
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 20200

Re: Popureb rootkit

Symantec on the Microsoft article: http://www.symantec.com/connect/blogs/mbr-confusion
by rkhunter
Wed Jun 29, 2011 6:48 pm
Forum: Malware
Topic: Rootkit TDL 3 (alias TDSS, Alureon.CT, Olmarik)
Replies: 395
Views: 252001

Re: Rootkit TDL 3 (alias TDSS, Alureon.TC, Olmarik)

To EP_XOFF:

Do you dump files from its VFS with ESET TdlFsReader? :)
by rkhunter
Sun Jun 26, 2011 9:31 am
Forum: General Discussion
Topic: Question about rootkit.com
Replies: 1
Views: 2882

Question about rootkit.com

Excuse me, maybe it's off topic, but.

Does anyone know when the rootkit.com site will be up, or is it dead forever? And will there be an analog of this site?

whois for it:

Domain Name: ROOTKIT.COM
Record expires on 02-Mar-2015.
by rkhunter
Sat Jun 25, 2011 1:35 pm
Forum: Malware
Topic: Trojan SpyEye (alias Pincav)
Replies: 418
Views: 364819

Re: Trojan SpyEye (alias Pincav)

The first questions are from "old school" rootkit techniques. But the next questions, about the threads and what they are doing, strongly require sample analysis.