Monday, July 17, 2006

'Invisible' Rootkit Found in The Wild

Nick Farrell writes on The Inquirer:

Security experts have found a really nasty rootkit which is next to near impossible to detect and remove.

Dubbed Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, the code cannot be spotted by most current rootkit detectors.

Symantec claims that it is the first of the next generation of rootkits.

It uses a mixture of old techniques and new ideas to make it "totally invisible on a compromised computer when installed". Apparently it even worked well on a beta version of Windows Vista the Symantec crowd were playing with.

The rootkit probably came from the coding hot houses of Russia and a variant called Backdoor.Rustock.B has also been spotted.

F-Secure claims that its BlackLight rootkit scanner, Build 2.2.1041, can detect the new rootkit.

More here.
