Full Disclosure mailing list archives
Re: A Chat With The NGR Bot
From: Alex Buie <abuie () kwdservices com>
Date: Wed, 13 Jun 2012 16:36:54 -0400
I love these posts that troll for visits to someone's site.

--
Alex Buie
Network Coordinator / Server Engineer
KWD Services, Inc
Media and Hosting Solutions
+1(703)445-3391
+1(480)253-9640
+1(703)919-8090
abuie () kwdservices com
ज़रा

On Wed, Jun 13, 2012 at 4:28 PM, Adam Behnke <adam () infosecinstitute com> wrote:
NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution. It spreads via Recycler bin social engineering as well as by hooking into via social networking sites.

This article aims to provide some technical insights of this NGR Bot V1.0.3 sample (MD5 "1CA4E2F3C8C327F8D823EB0E94896538") on the following topics:

(1) Encryption & tampering detection mechanism
(2) Functionalities
(3) Hooking technique
(4) Architecture Set-up for communicating with this malware

To view the entire article, go here: http://resources.infosecinstitute.com/ngr-rootkit/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/