[nycbug-talk] Cdorked.A Backdoor
Pete Wright
pete at nomadlogic.org
Fri May 10 13:27:41 EDT 2013
On 05/10/13 08:04, Jesse Callaway wrote:
>
>
> but yeah if it's a binary install then checksumming would be a great
> first approach. what's scary about all this is there's no vulnerability
> that's been pointed out... just seems to magically infect
>
yea i agree with you on that jesse, as well as with bob's earlier point
along the same lines.
i gotta say i do like how this backdoor runs out of shared memory and
apparently doesn't leave any traces of itself on the filesystem. i'm
certain that has been done before - but thought it was a pretty novel
idea :)
-pete
--
Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA
More information about the talk
mailing list