
Invisible rootkit

by Nikola Strahija on July 15th, 2006

A new security threat has risen to plague the online and offline world: a rootkit programmed so delicately that it escapes recognition by most rootkit detectors.

Backdoor.Rustock.A, as named by Symantec (aka Mailbot.AZ by F-Secure), is "a back door Trojan horse that allows a compromised computer to be used as a covert proxy. It uses rootkit techniques to hide any files and registry subkeys it creates," says the Symantec advisory.

The vicious Trojan attempts to hide itself from applications whose names contain the strings RootkitRevealer, BlackLight or Rkdetector. It can install an ICQ program, open a proxy or send mail.

Elia Florio of Symantec explains why this rootkit is so different from what we have already seen: Backdoor.Rustock.A has no process to detect, hides inside an NTFS Alternate Data Stream, does not hook the native API, removes its entries from kernel structures and has a polymorphic driver that changes with every installation.
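Because the rootkit stores itself in an NTFS Alternate Data Stream rather than as a normal file, a directory listing never shows it. The following PowerShell script is an added example (not from the article, Symantec or F-Secure) of a defender's check: it walks a directory tree and reports every named stream other than the default `:$DATA` stream, with the harmless `Zone.Identifier` stream filtered out as noise. The scan root and size threshold are assumptions for illustration.

```powershell
# Enumerate non-default NTFS alternate data streams under a directory tree.
# Added example for hunting ADS-resident payloads like the one described above;
# requires PowerShell 3.0+ (Get-Item -Stream). Run from an elevated prompt.

param(
    [string]$Root = "$env:SystemRoot\System32",   # assumed scan root
    [int64]$MinBytes = 1024                       # ignore tiny metadata streams
)

# Streams that are expected on a normal system and not worth reporting.
$benign = @('Zone.Identifier', 'SmartScreen')

Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        # Ask NTFS for every stream on the file, not just the default one.
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Stream -ne ':$DATA' -and
                $benign -notcontains $_.Stream -and
                $_.Length -ge $MinBytes
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File   = $file
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    } | Format-Table -AutoSize
```

Any hit with an executable-sized stream on a system file deserves a closer look (for example, hashing it with `Get-FileHash -LiteralPath "$file`:$stream"`), since legitimate software rarely stores large payloads this way.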

All of this makes the new Trojan very difficult to detect. Some computer security vendors have already updated their products in response to this threat, but many security experts warn that this is just the beginning, and that the fight against malware is far from over.
