Zeus GameOver with Necurs rootkit
OpenIOC 1.0
by @iocbucket
SHA1:
633ac6cfd9833ecd0cf15402d3549c9350bcf986
Short description:
Zeus GameOver with Necurs rootkit
Long description:
Recently the developers behind Zeus GameOver, the P2P (peer-to-peer) variant of the infamous Zeus banking trojan, introduced a kernel-mode rootkit known as Necurs to protect the malware's binaries both on disk and in memory. Earlier versions of Zeus already employed a user-mode rootkit, which was dropped in version 2 because it was ineffective; instead, Zeus moved to injecting its code into most running processes. GameOver first drops Necurs, installing the kernel driver as a service, and then attempts to inject itself into other processes. The dropper carries both a 32-bit and a 64-bit build of the kernel driver.