View Single Post
  #1  
Old 03-12-2009, 04:10 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default .NET Framework Rootkits

An interesting paper in .Net Reverse

.NET Framework Rootkits:
Backdoors inside your
Framework
November, 2008
Erez Metula

Link download:
http://www.applicationsecurity.co.il...=161 &mid=555

The main idea:
Quote:
Upon request for this DLL from other executables running inside the framework, the
framework will search for the required DLL based on his version and signature. The
framework will not check for the actual signature but instead will rely on the signature
mentioned in the directory file name.
To put it in other words, the signature of the DLL itself is irrelevant, the only
thing that matters is the directory in which it is located.
Source:
http://www.applicationsecurity.co.il...=161 &mid=555

Tool:
http://www.applicationsecurity.co.il...=1 61&mid=555

Modul:
http://www.applicationsecurity.co.il...=1 61&mid=555
__________________
My site: http://rongchaua.net
Reply With Quote