Alureon DNS Hijacking bot (DNSChanger, Win32/Alureon.EC) - Page 2

Re: Rootkit TDL 3 (alias TDSS, Alureon)

#3890 by EP_X0FF
Thu Dec 09, 2010 3:15 am

Cr4sh wrote:
EP_X0FF wrote:Payload is the new version of Alureon routers stuff.
What exactly this stuff doing?

http://www.kernelmode.info/forum/viewto ... 3274#p3274

frank_boldewin wrote:http://www.securelist.com/en/blog/337/T ... nerability

can someone plz share a tdl4 sample using the stuxnet task sched 0day used for privilege escalation?

http://www.kernelmode.info/forum/viewto ... 3862#p3862

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Rootkit TDL 3 (alias TDSS, Alureon)

#3965 by 4r0
Sun Dec 12, 2010 7:58 pm

hi! does attached sample use this vulnerability? http://www.securelist.com/en/blog/337/T ... nerability

Attachments

Backdoor.Win32.TDSS.atx.zip

Backdoor.Win32.TDSS.atx
PW: virus
(44.3 KiB) Downloaded 50 times

Username

4r0

Posts

6

Joined

Sun Aug 29, 2010 3:35 pm

Re: Rootkit TDL 3 (alias TDSS, Alureon)

#3972 by EP_X0FF
Mon Dec 13, 2010 3:40 am

No. It is old Alureon dropper related to routers DNS hijacking.
http://www.virustotal.com/file-scan/rep ... 1292186977

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Alureon DNS Hijacking bot

#4276 by EP_X0FF
Wed Jan 05, 2011 8:47 am

This thread created from TDL4 rootkit thread. It include information and discussion about TDSS/Alureon.EC bot responsible for DNS hijacking.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact