Posts Tagged ‘evolution’

Win32/Morto – Made in China, now with PE file infection

Nov

2012

In July 2012, our virus laboratory came across what we first thought was a new family of malware. The threat spread by infecting Portable Executable or PE files used by Windows, but this malware also infected systems through remote desktop and network shares. After further analysis, we realized we were dealing with a new version […]

Category General Written by ESET ThreatBlog 0 Comments

Rovnix.D: the code injection story

Jul

2012

ESET – In the one of my previous blog posts I described the bootkit functionality included in modifications found in new Rovnix.D samples (Rovnix bootkit framework updated), but further detailed analysis uncovered some interesting updates to the code injection technique employed. During the Rovnix.D code analysis process we found algorithms for multiple code injections with […]

Category General Written by ESET ThreatBlog 0 Comments

Rovnix bootkit framework updated

Jul

2012

We have been tracking the activity of the Rovnix bootkit family since April 2011. Rovnix was the first bookit family to use VBR (Volume Boot Record) infection (NTFS bootstrap code) for loading unsigned kernel-mode drivers on x64 (64 bit) platforms. The reason for exploring further is the desire of the Rovnix developers to bypass antivirus […]

Category General Written by ESET ThreatBlog 0 Comments

The Latest in IT Security

Posts Tagged ‘evolution’

Win32/Morto – Made in China, now with PE file infection

Rovnix.D: the code injection story

Rovnix bootkit framework updated

Categories

Featured

Archives

Latest Comments

About Us

Contact Us