Re: [funsec] MBR Rootkit

2011-08-14 Thread Larry Seltzer
IIRC, the severity of that one was (imagine this!) exaggerated in the press.
It doesn't really force a reinstall.

On Sat, Aug 13, 2011 at 9:37 PM, Daniel Otis wrote:

> Sorry, I sent from the wrong address!
>
> Forgive me for not being clear.  I meant the latest one in the news:
>
> http://www.itbusinessedge.com/cm/community/news/sec/blog/new-rootkit-forces-windows-reinstall/?cs=47591
>
> Thanks!
>
> Daniel
>
> On 8/13/2011 6:58 PM, valdis.kletni...@vt.edu wrote:
> > On Sat, 13 Aug 2011 13:08:59 MDT, Daniel Otis said:
> >> Does anyone have a sample of the latest MBR Rootkit?  I need one to
> >> experiment on, thanks!
> > *the* latest?  Try 'git clone git://github.org/mbr' or similar? ;)
> >
> > (And here I thought there were multiple *families* of MBR rootkits out there,
> > each with multiple instances?  Are you looking for a *specific* one, and are
> > criteria like "new variants from under 24 hours ago" meaningful for your
> > experimentation?  There's a few bazillion variants of malware out there,
> > the more specific you can be the better
> >
>
>
> --
> MooSoft Development LLC
> http://www.moosoft.com
>
> ___
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>

Re: [funsec] MBR Rootkit

2011-08-13 Thread Daniel Otis
Sorry, I sent from the wrong address!

Forgive me for not being clear.  I meant the latest one in the news: 
http://www.itbusinessedge.com/cm/community/news/sec/blog/new-rootkit-forces-windows-reinstall/?cs=47591

Thanks!

Daniel

On 8/13/2011 6:58 PM, valdis.kletni...@vt.edu wrote:
> On Sat, 13 Aug 2011 13:08:59 MDT, Daniel Otis said:
>> Does anyone have a sample of the latest MBR Rootkit?  I need one to
>> experiment on, thanks!
> *the* latest?  Try 'git clone git://github.org/mbr' or similar? ;)
>
> (And here I thought there were multiple *families* of MBR rootkits out there,
> each with multiple instances?  Are you looking for a *specific* one, and are
> criteria like "new variants from under 24 hours ago" meaningful for your
> experimentation?  There's a few bazillion variants of malware out there,
> the more specific you can be the better
>


-- 
MooSoft Development LLC
http://www.moosoft.com



Re: [funsec] MBR Rootkit

2011-08-13 Thread Valdis . Kletnieks
On Sat, 13 Aug 2011 13:08:59 MDT, Daniel Otis said:
> Does anyone have a sample of the latest MBR Rootkit?  I need one to 
> experiment on, thanks!

*the* latest?  Try 'git clone git://github.org/mbr' or similar? ;)

(And here I thought there were multiple *families* of MBR rootkits out there,
each with multiple instances?  Are you looking for a *specific* one, and are
criteria like "new variants from under 24 hours ago" meaningful for your
experimentation?  There's a few bazillion variants of malware out there,
the more specific you can be the better


