[nycbug-talk] Cdorked.A Backdoor

Pete Wright pete at nomadlogic.org
Fri May 10 13:27:41 EDT 2013


On 05/10/13 08:04, Jesse Callaway wrote:
>
>
> but yeah if it's a binary install then checksumming would be a great
> first approach. what's scary about all this is there's no vulnerability
> that's been pointed out... just seems to magically infect
>


yea i agree with you on that jesse, as well as with bob's earlier point 
along the same lines.

i gotta say i do like how this backdoor runs out of shared memory and 
apparently doesn't leave any traces of itself on the filesystem.  i'm 
certain that has been done before - but thought it was a pretty novel 
idea :)

-pete

-- 
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA



