Top
Navigation
« Metasploit WMAP Web Attack and Exploitation | Main | Jasager »
Thursday
Oct092008

The Moth Trojan

DateThursday, October 9, 2008 at 1:16PM

The Moth Trojan is a very interesting trojan since it is the first one I have seen writen in WMI (Windows Management Instrumentation) a place where I have seen very little forensic information and problably this cincepts is in used in the wild. This type of trojan is easy to detect do to the way it inserts it self into the WMI namespace but lets be honest how many HIPS, AV and admins check the WMI namespace for changes?

AuthorCarlos Perez | CommentPost a Comment | Print ArticlePrint Article
tagged ,

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.
Alert
Comment Moderation Enabled
Your comment will not appear until it has been cleared by a website editor.

Notify me of follow-up comments via email.