[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Interesting Backdoor



On Mon, Dec 8, 2014 at 4:52 PM, Alfred Baroti <marianalfred@xxxxxxxxx> wrote:
> Anyone have any idea with what i am dealing with ?

This looks like a Jynx derived rootkit which relies on LD_PRELOAD [1].

[1] 
http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html

Brandon Vincent

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/