483 matches found

ThreatPost
added 2014/07/15 11:30 a.m. | 11 views

New Kronos Banking Malware Advertised On Russian Forums

Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...

AI score: 0.4
Exploits: 0 | References: 2

Fedora
added 2014/06/13 5:30 a.m. | 35 views

[SECURITY] Fedora 19 Update: chkrootkit-0.49-9.fc19

chkrootkit is a tool to locally check for signs of a rootkit. It contains: chkrootkit: shell script that checks system binaries for rootkit modification. ifpromisc: checks if the network interface is in promiscuous mode. chklastlog: checks for lastlog deletions. chkwtmp: checks for wtmp deletions...

CVSS: 3.7 | AI score: 1.5 | EPSS: 0.03828
Exploits: 6

Mageia
added 2014/06/04 8:44 p.m. | 53 views

Updated chkrootkit packages fix CVE-2014-0476 and a false positive

Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit (usually root), allowing the attacker to escalate privileges (CVE-2014-0476). The Mageia 3 update...

CVSS: 3.7 | AI score: 6.1 | EPSS: 0.03828
Exploits: 6 | References: 3

Ubuntu
added 2014/06/04 1:58 p.m. | 81 views

USN-2230-1: chkrootkit vulnerability

Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges...

CVSS: 3.7 | AI score: 6 | EPSS: 0.03828
Exploits: 6

Debian
added 2014/06/04 10:42 a.m. | 38 views

chkrootkit LTS security update

Package: chkrootkit; Version: 0.49-4+deb6u1; CVE ID: CVE-2014-0476. Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option...

CVSS: 3.7 | AI score: 5 | EPSS: 0.03828
Exploits: 6

OpenVAS
added 2014/06/03 12:0 a.m. | 28 views

Debian Security Advisory DSA 2945-1 (chkrootkit - security update)

Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option. OpenVAS Vulnerability Test $Id: deb2945.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2945-1...

CVSS: 3.7 | AI score: 0.1 | EPSS: 0.03828
Exploits: 6 | References: 1

ThreatPost
added 2014/05/14 3:14 p.m. | 6 views

Zeus Peer to Peer Trojan Hits Banks in 10 New Countries

The Zeus financial malware may be old, but it’s hardly slowing down. The peer-to-peer version of the prolific Trojan was especially busy in the first quarter with infections reported by banks in 10 countries that previously had eluded Zeus’ reach. CSIS Security of Denmark said the gang behind Zeu...

AI score: 1.1
Exploits: 0 | References: 5

The Hacker News
added 2014/04/21 12:32 a.m. | 11 views

ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

ZeuS, or Zbot, is one of the oldest families of financial malware. It is a Trojan horse capable of carrying out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by...

AI score: 6.6
Exploits: 0

ThreatPost
added 2014/04/07 2:51 p.m. | 15 views

New Zeus Variant Comes Complete With a Signed Certificate

Yet another variant of the Zeus banking Trojan has surfaced; this one comes disguised as an Internet Explorer document and uses an authentic digital certificate to download a rootkit onto infected machines. According to researchers at the SSL firm Comodo, more than 200 examples of the Trojan have...

AI score: 0.9
Exploits: 0 | References: 6

The Hacker News
added 2014/04/06 4:13 p.m. | 12 views

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

A dangerous new variant of the ZeuS banking Trojan has been identified by Comodo AV labs; it is signed with a stolen digital certificate belonging to a Microsoft developer to avoid detection by web browsers and anti-virus systems. Every Windows PC in the world is set to accept software "signed" wit...

AI score: 6.5
Exploits: 0

0day.today
added 2014/04/03 12:0 a.m. | 211 views

OpenSSH rootkit backdoor tool with ssh sniffer

This is a private version of OpenSSH backdoor rootkit tool with ssh sniffer. If you want to have hidden access to a unix server on an ssh connection you can use this tool safely. Also this rootkit can catch all ssh connections from the server where this tool is installed. If a email protected or email protect...

AI score: 7.1
Exploits: 0

The Hacker News
added 2014/03/04 11:13 p.m. | 15 views

Uroburos Rootkit: Most sophisticated 3-year-old Russian Cyber Espionage Campaign

The Continuous Growth of spyware, their existence, and the criminals who produce & spread them are increasing tremendously. It’s difficult to recognize spyware as it is becoming more complex and sophisticated with time, so is spreading most rapidly as an Internet threat. Recently, The security...

AI score: 7.4
Exploits: 0

Kitploit
added 2014/02/17 11:35 p.m. | 28 views

[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features: Anti-debugging; Avoids unhide, lsof, ps, ldd detection; Hides files and directories; Hid...

AI score: 7.2
Exploits: 0 | References: 1

Kitploit
added 2014/02/08 10:11 p.m. | 15 views

[Rootkit Hunter] Scanning tool to ensure you for about 99.9%* you're clean of nasty tools

Rootkit scanner is scanning tool to ensure you for about 99.9% you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: - MD5 hash compare - Look for default files used by rootkits - Wrong file permissions for binaries - Look for suspected...

AI score: 7.2
Exploits: 0

ICS
added 2014/01/08 12:0 p.m. | 108 views

Stuxnet Malware Mitigation (Update B)

Overview In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities an...

AI score: 8.7
Exploits: 0 | References: 22

securityvulns
added 2013/10/28 12:0 a.m. | 42 views

glibc 2.5 <= reloc types to crash bug

+---------------------------------------------------------+ | XADV-2013002 glibc 2.5 = reloc types to crash bug | +---------------------------------------------------------+ Vulnerable versions: - glibc 2.5 = Not vulnerable versions: - glibc 2.6 = Testbed: linux distro Type: Local Impact: crash...

AI score: 0.5
Exploits: 0

ThreatPost
added 2013/09/20 7:3 a.m. | 8 views

FBI Warning Users About Financial Malware Beta Bot

The FBI began warning computer users about the Beta Bot Trojan this week, sounding the alarm about malware that has targeted a variety of online payment platforms and financial institutions over the last few months. According to an intelligence note prepared by the Internet Crime Complaint Center...

AI score: 0.6
Exploits: 0 | References: 2

ThreatPost
added 2013/06/10 4:17 p.m. | 89 views

Free Beacon Article Redirects to ZeroAccess Rootkit, Fake AV

Update: Aaron Harison, president of the Center for American Freedom, told Threatpost this morning that the issue has been resolved and the site is no longer serving malware. Hackers have latched on to the NSA surveillance story—literally. A news story on the outing of whistleblower Edward Snowden...

CVSS: 10 | AI score: 1.6 | EPSS: 0.97612
Exploits: 64 | References: 4

The Hacker News
added 2013/05/02 11:14 a.m. | 12 views

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...

AI score: 6.9
Exploits: 0

The Hacker News
added 2013/05/02 12:14 a.m. | 15 views

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...

AI score: 6.9
Exploits: 0