|
|
|
|
|
|
by jchmbrln
572 days ago
|
|
|
From the article: > The WolfsBane Hider rootkit hooks many basic standard C library functions such as open, stat, readdir, and access. While these hooked functions invoke the original ones, they filter out any results related to the WolfsBane malware. I took this to mean some things like a simple “ls -a” might now leave out those suspicious results. |
|
|