Backdoor.Win32.UltimateDefender.gtz Reverse Engineering

[evilcry]

Hi,

I've released Backdoor.Win32.UltimateDefender.gtz Reverse Engineering:

http://evilcry.netsons.org/tuts/Mw/Backdoo...ateDefender.pdf

Regards,

Giuseppe 'Evilcry' Bonfa'

[anoob]

Hi,

I've released Backdoor.Win32.UltimateDefender.gtz Reverse Engineering:

http://evilcry.netsons.org/tuts/Mw/Backdoo...ateDefender.pdf

Regards,

Giuseppe 'Evilcry' Bonfa'

nice read thx

[Loki]

A nice summary, thanks for sharing

[aztecx]

Always like looking through your stuff. thanks!

[D1N]

Very nice analysis. I always enjoy reading reversing material in relation to malware. It's so much fun to go hunting for malware. I've done my share of searching random file sharing sites to find malicious files. My favorites are botnet's. Most of the time the author is using the same password he would use for his own box and if your lucky (and i have been on a few occasions) the little botmaster is running teh 1337 ubutnu and just learned how to apt-get install ircd! Once you crack the bot net and retrieve that weak password from those bots just ssh into the box and sudo yourself into root because it's likely the skiddie is using the same password for his server. Game over... ;-)

what? sudo -rm -rf /etc/* | rm -rf /var/log/*

Good job look forward to some more. Bookmarked your site.

Edited February 18, 2009 by D1N

[evilcry]

Thank you man, actuallyI'm working on an Advanced Dialer that deceives many many AVs soon

I'll release a paper on it