funsec mailing list archives
F-Secure: Rootkit Pharming
From: "Fergie" <fergdawg () netzero net>
Date: Fri, 24 Feb 2006 17:15:12 GMT
Worth a look-see. Via F-Secure.

[snip]

Haxdoor is one of the most advanced rootkit malware out there. It is a kernel-mode rootkit, but most of its hooks are in user-mode. It actually injects its hooks to the user-mode from the kernel -- which is really unique and kind of bizarre. So, why doesn't Haxdoor just hook system calls in the kernel? A recent Secure Science paper has a good explanation for this. Haxdoor is used for phishing and pharming attacks against online banks.

[snip]

More: http://www.f-secure.com/weblog/#00000821

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net
 or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.