Main.PDFAndRootkits History


July 16, 2012, at 01:26 PM EST by 155.99.183.146 -
Changed line 33 from:
[[SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
to:
[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
July 16, 2012, at 01:25 PM EST by 155.99.183.146 -
Changed lines 3-4 from:
[[Portable Document Format Malware | http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/portable_document_format_malware.pdf]]. Kazumasa Itabashi. Symantec Security Response.
to:
[[http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/portable_document_format_malware.pdf | Portable Document Format Malware]]. Kazumasa Itabashi. Symantec Security Response.
Changed lines 7-8 from:
[[TDL-4 - Top Bot | http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot&ei=dk0AUIeSGoyyqAHDi_HPBw&usg=AFQjCNFUjcbdc45s4hF291onxAiWPzWXmA&cad=rja]]. Kaspersky Lab.
to:
[[http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot&ei=dk0AUIeSGoyyqAHDi_HPBw&usg=AFQjCNFUjcbdc45s4hF291onxAiWPzWXmA&cad=rja | TDL-4 - Top Bot]]. Kaspersky Lab.
Changed lines 11-14 from:
[[ Predicting the Future of Stealth Attacks | http://www.mcafee.com/us/resources/reports/rp-predicting-stealth-attacks.pdf]]. Aditya Kapoor, Rachit Mathur. McAfee.

[[Kernel Malware: The Attack from Within | http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf]]. Kimmo Kasslin (F-Secure).
to:
[[http://www.mcafee.com/us/resources/reports/rp-predicting-stealth-attacks.pdf | Predicting the Future of Stealth Attacks]]. Aditya Kapoor, Rachit Mathur. McAfee.

[[http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf | Kernel Malware: The Attack from Within]]. Kimmo Kasslin (F-Secure).
Changed lines 21-28 from:
[[TDL3: The Rootkit of All Evil? | http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf]]. Aleksandr Matrosov, Eugene Rodionov. ESET.

[[The Evolution of TDL: Conquering x64 | http://go.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf]]. Eugene Rodionov, Aleksandr Matrosov. ESET.

[[TDSS | http://www.securelist.com/en/analysis/204792131/TDSS]]. Kaspersky Lab.

[[ TDSS. TDL-4 | http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4]]. Kaspersky Lab.
to:
[[http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf | TDL3: The Rootkit of All Evil?]]. Aleksandr Matrosov, Eugene Rodionov. ESET.

[[http://go.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf | The Evolution of TDL: Conquering x64]]. Eugene Rodionov, Aleksandr Matrosov. ESET.

[[http://www.securelist.com/en/analysis/204792131/TDSS | TDSS]]. Kaspersky Lab.

[[http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4 | TDSS. TDL-4]]. Kaspersky Lab.
Changed line 31 from:
[[REMnux: A Linux Distribution for Reverse-Engineering Malware | http://zeltser.com/remnux/]]
to:
[[http://zeltser.com/remnux/ | REMnux: A Linux Distribution for Reverse-Engineering Malware]]
July 16, 2012, at 01:22 PM EST by 155.99.183.146 -
Changed lines 7-8 from:
[[ http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot&ei=dk0AUIeSGoyyqAHDi_HPBw&usg=AFQjCNFUjcbdc45s4hF291onxAiWPzWXmA&cad=rja | TDL-4 - Top Bot]]. Kaspersky Lab.
to:
[[TDL-4 - Top Bot | http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot&ei=dk0AUIeSGoyyqAHDi_HPBw&usg=AFQjCNFUjcbdc45s4hF291onxAiWPzWXmA&cad=rja]]. Kaspersky Lab.
Changed lines 13-14 from:
[[http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf | Kernel Malware: The Attack from Within]]. Kimmo Kasslin (F-Secure).
to:
[[Kernel Malware: The Attack from Within | http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf]]. Kimmo Kasslin (F-Secure).
Changed lines 21-22 from:
[[TDL3: The Rootkit of All Evil?]]. Aleksandr Matrosov, Eugene Rodionov. ESET.
to:
[[TDL3: The Rootkit of All Evil? | http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf]]. Aleksandr Matrosov, Eugene Rodionov. ESET.
Changed lines 25-28 from:
[[http://www.securelist.com/en/analysis/204792131/TDSS | TDSS]]. Kaspersky Lab.

[[http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4 | TDSS. TDL-4]]. Kaspersky Lab.
to:
[[TDSS | http://www.securelist.com/en/analysis/204792131/TDSS]]. Kaspersky Lab.

[[ TDSS. TDL-4 | http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4]]. Kaspersky Lab.
Changed lines 31-33 from:
[[ http://zeltser.com/remnux/ | REMnux: A Linux Distribution for Reverse-Engineering Malware ]]

[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
to:
[[REMnux: A Linux Distribution for Reverse-Engineering Malware | http://zeltser.com/remnux/]]

[[SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
July 16, 2012, at 01:18 PM EST by 155.99.183.146 -
Added lines 2-3:

[[Portable Document Format Malware | http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/portable_document_format_malware.pdf]]. Kazumasa Itabashi. Symantec Security Response.
July 16, 2012, at 01:17 PM EST by 155.99.183.146 -
Deleted lines 4-5:
Added lines 9-10:
[[ Predicting the Future of Stealth Attacks | http://www.mcafee.com/us/resources/reports/rp-predicting-stealth-attacks.pdf]]. Aditya Kapoor, Rachit Mathur. McAfee.
Changed line 31 from:
[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
to:
[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
July 16, 2012, at 01:14 PM EST by 155.99.183.146 -
Changed lines 19-20 from:
[[TDL3: The Rootkit of All Evil?]]. Aleksandr Matrosov, Eugene Rodionov (ESET).
to:
[[TDL3: The Rootkit of All Evil?]]. Aleksandr Matrosov, Eugene Rodionov. ESET.

[[The Evolution of TDL: Conquering x64 | http://go.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf]]. Eugene Rodionov, Aleksandr Matrosov. ESET.
Changed line 31 from:
[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
to:
[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]
July 16, 2012, at 01:13 PM EST by 155.99.183.146 -
Changed lines 19-20 from:
[[TDL3: The Rootkit of All Evil?]].Aleksandr Matrosov, senior virus researcher.
Eugene Rodionov.
to:
[[TDL3: The Rootkit of All Evil?]]. Aleksandr Matrosov, Eugene Rodionov (ESET).
Added lines 9-21:
!Rootkits

[[http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf | Kernel Malware: The Attack from Within]]. Kimmo Kasslin (F-Secure).

[[http://www.securabit.com/wp-content/uploads/2010/03/Rootkit-Analysis-Hiding-SSDT-Hooks1.pdf | Rootkit Analysis: Hiding SSDT hooks]]. Nick Jogie.

[[http://www.secureworks.com/research/threats/blackenergy2/ | BlackEnergy Version 2 Analysis]]. Joe Stewart.

!!TDL

[[TDL3: The Rootkit of All Evil?]].Aleksandr Matrosov, senior virus researcher.
Eugene Rodionov.
Deleted line 30:
Added lines 1-18:
!PDF Malware

[[http://blog.spiderlabs.com/2011/09/analyzing-pdf-malware-part-1.html | Analyzing PDF Malware]]. Ryan Merritt.



[[ http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot&ei=dk0AUIeSGoyyqAHDi_HPBw&usg=AFQjCNFUjcbdc45s4hF291onxAiWPzWXmA&cad=rja | TDL-4 - Top Bot]]. Kaspersky Lab.

[[http://www.securelist.com/en/analysis/204792131/TDSS | TDSS]]. Kaspersky Lab.

[[http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4 | TDSS. TDL-4]]. Kaspersky Lab.

!Tools

[[ http://zeltser.com/remnux/ | REMnux: A Linux Distribution for Reverse-Engineering Malware ]]

[[http://computer-forensics.sans.org/community/downloads/ | SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.13]]