
Bagle worm enhanced with rootkit

by Nikola Strahija on March 30th, 2006

F-Secure has warned of Bagle.GE, a new Bagle worm variant that now includes rootkit features.


Bagle.GE loads a kernel-mode driver to hide its own processes and registry keys, and those of other Bagle-related malware, from security scanners. According to F-Secure, the rootkit successfully hides processes, files and directories, and registry keys and values, and contains code that prevents certain security-related processes and kernel-mode modules from running.

It also contains commands to disable security software and delete security-related files whenever they are opened.

Other security companies also report new Bagle-rootkit variants, as well as other viruses enhanced with rootkits, such as Gurong.A (a Mydoom variant).

