figure 1 | DataProtectionCenter.com

Backdoor.Proxybox: Kernel File System Hooking

14

Aug

2012

A low level file system driver was bundled with the latest version of Backdoor.Proxybox named “rxsupply”. The malicious driver was designed to deny access to the files used by the malware in order to improve persistence on compromised computers. The driver functionality and methods used for hooking kernel file system access are described below. Figure 1. […]

Category General Written by Symantec Security Response Blog 0 Comments

Win32/Gataka banking Trojan – Detailed analysis

13

Aug

2012

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we […]

Category General Written by ESET ThreatBlog 0 Comments

New Sample of Backdoor.Korplug is Signed with a Stolen Certificate

10

Aug

2012

Symantec recently received a new sample of Backdoor.Korplug that signs itself with a stolen certificate. It also made use of legitimate software, but this time there is something different from what was revealed in our previous blog entry.Figure 1. Loading sequenceFrom the data we have seen, the original executable was most likely signed by NVIDIA. […]

Category General Written by Symantec Security Response Blog 0 Comments

The Latest in IT Security

Posts Tagged ‘figure 1’

Backdoor.Proxybox: Kernel File System Hooking

Win32/Gataka banking Trojan – Detailed analysis

New Sample of Backdoor.Korplug is Signed with a Stolen Certificate

Categories

Featured

Archives

Latest Comments

About Us

Contact Us