Home
Add Document
Sign In
Create An Account
Alureon: The First 64-Bit Windows Rootkit - Virus Bulletin
Recommend Documents
No documents
Alureon: The First 64-Bit Windows Rootkit - Virus Bulletin
Download PDF
0 downloads
128 Views
6MB Size
Report
Comment
edia/Entry.aspx?Name=Trojan%3aDOS%2fAlureon.A · http://www.kernelmode.info/forum/viewtopic.php?f=16&t · =19 · http:/
Something old, something new.
Something old, something new.
Contents of the virtual file system
ldr64 empty!
Phew!
The 64-bit Rootkit
MBR
Ldr16 – int13h hook
Finding kdcom.dll
Other int13h patches
Other int13h patches continued
Other int13h patches continued
Ldr64 fake KD communications DLL
Ldr64 fake KD communications DLL
Ldr64 fake KD communications DLL cont.
No, seriously, how does it load?
http://blogs.technet.com/b/mmpc/archive/2010/08/27/alu reon-evolves-to-64-bit.aspx http://www.microsoft.com/security/portal/Threat/Encyclop edia/Entry.aspx?Name=Trojan%3aDOS%2fAlureon.A http://www.kernelmode.info/forum/viewtopic.php?f=16&t =19
http://www.drweb.com/static/BackDoor.Tdss.565_%28aka% 20TDL3%29_en.pdf
×
Report "Alureon: The First 64-Bit Windows Rootkit - Virus Bulletin"
Your name
Email
Reason
-Select Reason-
Pornographic
Defamatory
Illegal/Unlawful
Spam
Other Terms Of Service Violation
File a copyright complaint
Description
×
Sign In
Email
Password
Remember me
Forgot password?
Sign In
Our partners will collect data and use cookies for ad personalization and measurement.
Learn how we and our ad partner Google, collect and use data
.
Agree & close
