Back at the beginning of May we posted preliminary information about the Win32/Rootkit.Avatar rootkit (Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication). One of the major questions not covered in that previous research was this: What payload and plugins does Avatar install onto infected machines? We continue our research and are still tracking this malware family. In the middle of July we detected a repacked Win32/Rootkit.Avatar with an active command and control (C&C) server. In this blog post we confirm that Avatar in-the-wild activity continues, and disclose some new information about its kernel-mode self-defense tricks.
Avatar rootkit: the continuing saga - We Live Security
 