The Latest in IT Security

Posts Tagged ‘tcp ip stack’

We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack. It seems this is becoming a new trend for this type of malware. The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes. It works like this: […]


Recently we discovered an advanced backdoor sample – VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this backdoor is implemented at the NDIS (Network Driver Interface Specification) level. VirTool:WinNT/Exforel.A implements a simple private TCP/IP stack and hooks NDIS_OPEN_BLOCK for the TCP/IP protocol, as shown in Figure 1.

[Figure 1: Hooked functions in NDIS_OPEN_BLOCK]

This means that backdoor-related TCP traffic will be diverted to the private […]


Microsoft released 13 bulletins today, which is quite large for a summer Patch Tuesday, but only two of these bulletins were critical. There are nine rated important and two rated as moderate. The first critical bulletin, MS11-057, affects Internet Explorer and patches seven vulnerabilities. Two of these vulnerabilities were disclosed publicly and are rated moderate. […]


