'Invisible' Rootkit Found in The Wild
Nick Farrell writes on The Inquirer:
Security experts have found a really nasty rootkit which is next to near impossible to detect and remove.More here.
Dubbed Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, the code cannot be spotted by most current rootkit detectors.
Symantec claims that it is the first of the next generation of rootkits.
It uses a mixture of old techniques and new ideas to make it "totally invisible on a compromised computer when installed". Apparently it even worked well on a beta version of Windows Vista the Symantec crowd were playing with.
The rootkit probably came from the coding hot houses of Russia and a variant called Backdoor.Rustock.B has also been spotted.
F-Secure claims that its BlackLight rootkit scanner, Build 2.2.1041, can detect the new rootkit.
posted by Fergie @ 7/17/2006 07:59:00 PM
0 Comments:
Post a Comment
<< Home