Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on July 13, 2010, 04:35:29 pm

Title: Review of Rootkit.TmpHider
Post by: SysAdMini on July 13, 2010, 04:35:29 pm
http://www.wilderssecurity.com/attachment.php?attachmentid=219888&d=1279012965

Quote
Propagation method
You should take into consideration that the virus infects the Operating System in an unusual way (without
usage of an autorun.inf file) through a vulnerability in the processing of lnk-files.
So you just have to open an infected USB storage device using Microsoft Explorer or any other file
manager that can display icons (for example, Total Commander) to infect your Operating System
and allow execution of the malware program.

...

Quote
Note that the drivers are signed with the digital signature of Realtek Semiconductor Corp

Title: Re: Review of Rootkit.TmpHider
Post by: SysAdMini on July 16, 2010, 08:29:01 am
About TmpHider/Stuxnet #1
http://www.inreverse.net/?p=1246