[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] unknown windows rootkit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] unknown windows rootkit
From: Axel Pettinger <api@xxxxxxxxxxxxxx>
Date: Sun, 20 Nov 2005 14:19:56 +0100

> sk / GroundZero wrote:
> 
> We found what seems to be a unknown rootkit on a
> customer system which was windows 2000 sp4.
> It is a kernel resident infector as it installs itself as
> hidden device driver operating in kernel level to hide
> its directories and programs aswell as network connections.
> For our research we named it Win32/McSport-A.

The family name of your rootkit trojan is "Apropos". It seems to belong 
to the Adware/Spyware category.

> More Detailed informations aswell as removal instructions
> can be found here: http://www.groundzero-security.com/mcsport.html

Description of other Apropos variants:

http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.c.html
http://vil.nai.com/vil/content/v_134133.htm

Regards,
Axel Pettinger
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] unknown windows rootkit
  - From: sk / GroundZero

Prev by Date: Re: [Full-disclosure] searching for Showtee docu
Next by Date: Re: [Full-disclosure] Fwd: Forwarding comments to FD
Previous by thread: Re: [Full-disclosure] unknown windows rootkit
Next by thread: Re: [Full-disclosure] unknown windows rootkit
Index(es):
- Date
- Thread