
A Dangerous Development In Rootkit Evolution



Doug Caverly
Staff Writer
2006-07-19



Like so many security threats, rootkits are getting more dangerous. But now this breed of malware has taken a big leap forward.

Security researchers have identified a stealthy new rootkit that seems specifically (and skillfully) designed to avoid being detected by some of the more common rootkit detectors.

CNET has covered the new threat, which Symantec has dubbed "Backdoor.Rustock.A." Symantec employee Elia Florio wrote, "It can be considered the first born of the next generation of rootkits."

He went on to call it "an advanced example of 'stealth by design' malicious code."

Florio listed a number of reasons in the company blog "that Rustock.A is turning heads," and it's not what one would consider an encouraging compilation. "Rootkit detectors can detect hidden processes, but Rustock.A has no process," he stated.

Additionally, "the malware contains aggressive rootkit technologies because it scans for the following strings in loaded programs, and then changes its behavior to avoid any detection."

Florio found that it could hide from BlackLight, RootkitRevealer, and Rkdetector. Rustock.A is "totally invisible on a compromised computer when installed," he said.

And don't count on the next version of Windows to turn things around.

Rustock.A "even seems able to achieve all of its stealth functionality without any problems on a beta version of Microsoft Windows Vista (6.0.5270)," Florio wrote.

The Symantec employee also had something to say about the rootkit's origin, and its future.

"We believe that Rustock.A is probably a Russian creature, and it contains the string 'G:bot-mailer07spambot-01driverobjfre,' which leads us to believe that we'll undoubtedly see new versions of this malware."




About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
