figure 1 | DataProtectionCenter.com

The “hidden” backdoor – VirTool:WinNT/Exforel.A

10

Dec

2012

Recently we discovered an advanced backdoor sample – VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this backdoor is implemented at the NDIS (Network Driver Interface Specification) level. VirTool:WinNT/Exforel.A implements a simple private TCP/IP stack and hooks NDIS_OPEN_BLOCK for the TCP/IP protocol, as shown in Figure 1. Figure 1: Hooked functions in NDIS_OPEN_BLOCK This means that backdoor-related TCP traffic will be diverted to the private […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Unexpected reboot: Necurs

08

Dec

2012

Necurs is a prevalent threat in the wild at the moment – variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Unexpected reboot: Necurs

07

Dec

2012

Necurs is a prevalent threat in the wild at the moment – variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So […]

Category General Written by Microsoft Malware Protection Center 0 Comments

The Latest in IT Security

Posts Tagged ‘figure 1’

The “hidden” backdoor – VirTool:WinNT/Exforel.A

Unexpected reboot: Necurs

Unexpected reboot: Necurs

Categories

Featured

Archives

Latest Comments

About Us

Contact Us