[nycbug-talk] Cdorked.A Backdoor

Pete Wright pete at nomadlogic.org
Fri May 10 13:27:41 EDT 2013

On 05/10/13 08:04, Jesse Callaway wrote:
> but yeah if it's a binary install then checksumming would be a great
> first approach. what's scary about all this is there's no vulnerability
> that's been pointed out... just seems to magically infect

yea i agree with you on that jesse, as well as with bob's earlier point 
along the same lines.

i gotta say i do like how this backdoor runs out of shared memory and 
apparently doesn't leave any traces of itself on the filesystem.  i'm 
certain that has been done before - but thought it was a pretty novel 
idea :)


Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA
