Rovnix is a malware family that has been around since 2011. It hijacks the boot sector by infecting the VBR and NT LDR to persist on the target system. Its malicious capabilities include:<\/p>\n
- \n
- Stealing banking information from victims by infecting browser processes.<\/li>\n
- Stealing other passwords from the victim\u2019s system.<\/li>\n
- Stealing Bitcoins from the target\u2019s wallets.<\/li>\n<\/ul>\n
The Rovnix malware family is modular in nature. It can:<\/p>\n
- \n
- Update its control\u00a0servers after it has infected the target system.<\/li>\n
- Download new plug-ins, giving it the ability to carry out new malicious activities in the future.<\/li>\n
- Infect both 32- and 64-bit systems with corresponding DLLs and bootkit infection drivers and code.<\/li>\n<\/ul>\n
Sinkholing<\/strong><\/h2>\n
DNS translates domain names such as www.website_name.com to IP addresses that can be used by networking applications such as browsers to send and receive content from a web server. For applications that use domain names, DNS requests are the first step in establishing communication with web-based servers. Any malicious application that uses a domain name for its control\u00a0servers needs to contact a DNS server to translate the domain name into a valid IP address for the servers.<\/p>\n
Sinkholing intercepts the DNS request by the malware for a control\u00a0server and responds with a spoofed address instead of the valid server IP. This disrupts the communication of the malware with its control\u00a0server and has several advantages. The malware can no longer:<\/p>\n
- \n
- Download commands to execute on the target system.<\/li>\n
- Download new modules or malware to execute on the target system.<\/li>\n
- Exfiltrate stolen data from the target system.<\/li>\n
- Provide its status to the control server (in the case of botnets).<\/li>\n
- Send system statistics to the control\u00a0server (such as system type, antimalware installed, etc.).<\/li>\n
- Download encryption keys from the control server, thus preventing the target\u2019s files from being encrypted (in the case of ransomware).<\/li>\n<\/ul>\n
Sinkholing has been used to disrupt a wide variety of malware campaigns including Trojans, botnets, ransomware, and other threats.<\/p>\n
Sinkhole Detection Technique\u00a0<\/strong><\/h2>\n
In a simple yet effective technique, the malware fetches the DNS name server records for the control\u00a0server it attempts to contact.<\/p>\n
![\"DNSQuery\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png\")
\nDNSQuery call to fetch DNS name servers.<\/em><\/p>\nThe name server value(s) are then checked against a list of keywords that might indicate that the DNS name server records for the control server have been sinkholed. The malware checks for the following keywords in the DNS name server record values:<\/p>\n
- \n
- control<\/li>\n
- sink<\/li>\n
- hole<\/li>\n
- dynadot<\/li>\n
- block<\/li>\n
- trojan<\/li>\n
- abuse<\/li>\n
- virus<\/li>\n
- malw<\/li>\n
- hack<\/li>\n
- black<\/li>\n
- spam<\/li>\n
- anti<\/li>\n
- googl<\/li>\n<\/ul>\n
![\"SinkHoleChecks\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/SinkHoleChecks-e1449624181189.png\")
\nString comparisons against DNS name server values.<\/em><\/p>\nOnce the DNS name servers pass the sinkhole checks, the malware downloads various modules to steal information from the victim\u2019s machine.<\/p>\n
Domains Contacted<\/strong><\/h2>\n
All of the domains that follow are control\u00a0servers used to download malicious plug-ins\/modules. The malware starts by contacting the first server listed. If it cannot contact the first server, it tries contacting the next server listed, and so on.<\/p>\n
The domains listed are for MD5: 7ce075e3063782f710d47c77ddfa1261<\/p>\n
- \n
- transliteraturniefabriki.com: the first control server for communication and downloading additional plugins.<\/li>\n
- tornishineynarkkek2.org: a backup server. The domain has a history of switching IP addresses.<\/li>\n
- upmisterfliremsnk.net: a backup server. The domain also has a history of switching IP addresses.<\/li>\n
- itnhi4vg6cktylw2.onion: the last server. If none of the other control servers can be contacted, then the malware establishes a connection with this onion address.<\/li>\n<\/ul>\n
Additional control\u00a0domains seen in other Rovnix downloaders:<\/p>\n
- \n
- lastooooomene2ie2e.com<\/li>\n
- ecloud86.com, ecloud87.com, ecloud88.com, ecloud89.com, ecloud90.com, ecloud91.com<\/li>\n
- srvdexpress3.com, srvdexpress4.com, srvdexpress5.com, srvdexpress6.com, srvdexpress7.com<\/li>\n
- elorfans2.com, elorfans3.com, elorfans4.com, elorfans5.com, elorfans6.com<\/li>\n
- tornishineynarkkek.org, tornishineynarkkek3.org<\/li>\n
- mediacontent.us, mediacontent2.us, mediacontent3.us<\/li>\n
- romnsiebabanahujtr.org, romnsiebabanahujtr2.org, romnsiebabanahujtr3.org<\/li>\n
- pg7iuaqu5b7fq36o.onion<\/li>\n
- j7t4lg23tdhag3fn.onion<\/li>\n
- c2bbagrsvbs2v6a7.onion<\/li>\n
- hbs63zj7mwj5g6w7.onion<\/li>\n<\/ul>\n
IP Addresses Hosting the Domains<\/strong><\/h2>\n
Multiple domains in the control server list share the same IP address, indicating that the malicious actor has control of the IPs hosting the domains. For example, the following domains share the same IP:<\/p>\n
- \n
- lastooooomene2ie2e.com and transliteraturniefabriki.com<\/li>\n
- tornishineynarkkek.org, tornishineynarkkek2.org and upmisterfliremsnk.net<\/li>\n
- ecloud88.com and ecloud89.com<\/li>\n
- srvdexpress3.com, srvdexpress4.com and srvdexpress5.com<\/li>\n
- elorfans3.com and elorfans4.com<\/li>\n<\/ul>\n
Timing Checks<\/strong><\/h2>\n
The malware also does a time check using standard Network Time Protocol (NTP) servers to decide whether to proceed with its malicious activities. The check compares the times received from the control\u00a0server and public time servers. If the time elapsed exceeds a certain threshold, the malware sleeps for a period before checking the times again. The time stamp might be fetched from the public NTP servers because many malware analysis systems can spoof local system time to trick the malware into running its malicious code.<\/p>\n
Targets\u00a0<\/strong><\/h2>\n
The downloaders have primarily been encountered in the United States, Canada, Japan, and parts of Europe.<\/p>\n
The following map shows a geographic distribution of the Rovnix downloader:<\/p>\n
![\"RovnixDropper_InfectionMap\"](\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/RovnixDropper_InfectionMap.jpg\")
<\/p>\nGeographic distribution of the Rovnix downloader infections.<\/em><\/p>\n
<\/p>\n
Conclusion<\/strong><\/h2>\n
The newest downloader for Rovnix introduces a new method to detect DNS sinkholing. This technique allows the malware to protect itself by not executing its malicious code if the control server\u00a0has been sinkholed. Multiple server\u00a0domains hosted on a single IP also indicate that one\u00a0attacker might have control of these servers.<\/p>\n
The usage of public NTP servers to check the time is a relatively new capability. This technique combats spoofing of local system time used by many dynamic malware detection systems.<\/p>\n
MD5 Sums<\/strong><\/h2>\n
7ce075e3063782f710d47c77ddfa1261
\n11f61c60ce548e2148c2f7a2e5f7103c
\ne8a94f1df66587abd7c91bfcbe5af5d5
\nfdef7dd0b7cece42042a7baca3859e41
\nb7d63dcb586ec9a54a91379990dcd804
\n7123a117c44e8c454f482b675544d1a9
\n5ea867f5f7c24e0939013faf3ed78535
\n0131d46686c66e6a4c8d89c3aa03534c
\nb0bce8bd66a005eff775099563232e64
\ne0bc0503ccc831c07d6cc4c394b5a409
\n29ef765145f6dd76cec5cc89c75b44de
\na6fd6661c6ac950263ba9a3d4fc55354
\n19f14a5d5610e51f4985444f3f0e59ed<\/p>\nYara Rule<\/strong><\/h2>\n
The following Yara rule can be used to find samples of\u00a0the Rovnix downloader:<\/p>\n
rule rovnix_downloader
\n{
\nmeta:
\nauthor=”McAfee”
\ndescription=”Rovnix downloader with sinkhole checks”<\/p>\nstrings:
\n$sink1=”control”
\n$sink2 = “sink”
\n$sink3 = “hole”
\n$sink4= “dynadot”
\n$sink5= “block”
\n$sink6= “malw”
\n$sink7= “anti”
\n$sink8= “googl”
\n$sink9= “hack”
\n$sink10= “trojan”
\n$sink11= “abuse”
\n$sink12= “virus”
\n$sink13= “black”
\n$sink14= “spam”
\n$boot= “BOOTKIT_DLL.dll”
\n$mz = { 4D 5A }<\/p>\ncondition:
\n$mz in (0..2) and all of ($sink*) and $boot<\/p>\n}<\/p>\n
<\/p>\n
Acknowledgements<\/strong><\/h2>\n
Thanks to Christiaan Beek, Jonathan Chang, and Sanchit Karve for contributing to this post.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of…<\/p>\n","protected":false},"author":807,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,180],"coauthors":[4607],"class_list":["post-46521","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-malware"],"acf":[],"yoast_head":"\n
Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog<\/title>\n<meta name=\"description\" content=\"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-09T23:20:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T10:53:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/DNSQuery-e1449622814120.png\" \/>\n\t<meta property=\"og:image:width\" content=\"537\" \/>\n\t<meta property=\"og:image:height\" content=\"529\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Asheer Malhotra\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Asheer Malhotra\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\"},\"author\":{\"name\":\"Asheer Malhotra\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/066cf1359f16ae518cecdc64508d8288\"},\"headline\":\"Rovnix Downloader Updated with SinkHole and Time Checks\",\"datePublished\":\"2015-12-09T23:20:33+00:00\",\"dateModified\":\"2025-06-04T10:53:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\"},\"wordCount\":1236,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png\",\"keywords\":[\"computer security\",\"cybercrime\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\",\"name\":\"Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png\",\"datePublished\":\"2015-12-09T23:20:33+00:00\",\"dateModified\":\"2025-06-04T10:53:44+00:00\",\"description\":\"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Rovnix Downloader Updated with SinkHole and Time Checks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/066cf1359f16ae518cecdc64508d8288\",\"name\":\"Asheer Malhotra\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/e78078f1b329a169c8bbda9ddf3944da\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/asheer-malhotra-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/asheer-malhotra-96x96.jpg\",\"caption\":\"Asheer Malhotra\"},\"description\":\"Asheer is a Security Researcher at McAfee. He is actively involved in reverse engineering, malware analysis and network traffic analysis.\",\"sameAs\":[\"http:\/\/www.linkedin.com\/in\/asheermalhotra\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/asheer-malhotra\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog","description":"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog","og_description":"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2015-12-09T23:20:33+00:00","article_modified_time":"2025-06-04T10:53:44+00:00","og_image":[{"width":537,"height":529,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/DNSQuery-e1449622814120.png","type":"image\/png"}],"author":"Asheer Malhotra","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Asheer Malhotra","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/"},"author":{"name":"Asheer Malhotra","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/066cf1359f16ae518cecdc64508d8288"},"headline":"Rovnix Downloader Updated with SinkHole and Time Checks","datePublished":"2015-12-09T23:20:33+00:00","dateModified":"2025-06-04T10:53:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/"},"wordCount":1236,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png","keywords":["computer security","cybercrime","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/","name":"Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png","datePublished":"2015-12-09T23:20:33+00:00","dateModified":"2025-06-04T10:53:44+00:00","description":"McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/DNSQuery-e1449622814120.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rovnix-downloader-sinkhole-time-checks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Rovnix Downloader Updated with SinkHole and Time Checks"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/066cf1359f16ae518cecdc64508d8288","name":"Asheer Malhotra","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/e78078f1b329a169c8bbda9ddf3944da","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/asheer-malhotra-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/asheer-malhotra-96x96.jpg","caption":"Asheer Malhotra"},"description":"Asheer is a Security Researcher at McAfee. He is actively involved in reverse engineering, malware analysis and network traffic analysis.","sameAs":["http:\/\/www.linkedin.com\/in\/asheermalhotra"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/asheer-malhotra\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/46521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/807"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=46521"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/46521\/revisions"}],"predecessor-version":[{"id":215097,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/46521\/revisions\/215097"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=46521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=46521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=46521"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=46521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}