Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Sitemap

A Port-Hiding Rootkit
BugsAlert Home > A Port-Hiding Rootkit
 
 

Aside from the MBR rootkit, TrendLabs researchers have come across another rootkit that hides ports. We’ve discovered a rootkit file that is able to hook TCPIP.SYS and related functions inside. It is able to hide the following ports: DestinationPort>3000 OR (DestinationPort<1000 AND DestinationPort!=80 AND DestinationPort!=25) These are being used in the infect machine. The said malware, TROJ_ROOTKIT.DU, was indirectly [...]




Original Source: http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/214399196/

Learn more about A Port-Hiding Rootkit
 
Tags: port-hiding rootkit

Related Items
      FrSIRT - Novell Groupwise WebAccess Simple Interface Cross Site Scripting

      CVE-2008-4610 (mplayer)

      FrSIRT - Gentoo Security Update Fixes Evolution Format String Vulnerability

      neon "parse_domain()" Denial of Service Vulnerability

      Preventing MySQL Injection Attacks With GreenSQL On Debian Etch

      Missing Tag Foils Compromise

      Ubuntu update for libexif

 
© 2007-2008 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel