
Mpack Installs Ultra-invisible Srizbi Trojan


No replies to this topic

#1 harrywaldron


Posted 06 July 2007 - 04:40 PM

Even more reasons to be careful with web links or surfing ...

Mpack installs ultra-invisible Srizbi Trojan
http://www.computerworld.com/action/articl...ticleId=9026323

July 05, 2007 (Computerworld) -- The notorious Mpack hacker tool kit is installing malware that carries out all its chores -- including spewing spam -- from within the Windows kernel, making it extremely difficult for some security software to detect, Symantec Corp. said today.

The Trojan horse that Symantec has dubbed "Srizbi" is being dropped onto some PCs by the multi-exploit Mpack, a ready-to-use attack application that until recently has been selling for around $1,000. Responsibility for a large-scale attack launched from thousands of hijacked Web sites last month was pinned on Mpack, as was a follow-up campaign waged from compromised Internet porn sites.

Although Mpack can force-feed any malicious code to a commandeered PC, Symantec researchers said Srizbi stands out. Rather than follow the current practice of hiding only some activities with rootkit cloaking technologies, Srizbi goes completely undercover. The new Trojan, said Symantec, works without any user-mode payload and does everything from kernel-mode, including its main task: sending spam.


