Named " Rustock ", the Trojan family first appeared almost a year ago. " The technique that Rustock uses will become the platform for malware in the future. Attackers are checking which technique is effective for replicating the model. Therefore, we anticipate Rustock will overflow. flooded in the future, "said expert Patrick Martin of Symantec.
A feature of Rustock and its reliance on a lot of modern rootkit tools to hide from security software. In addition, it also has the ability to change like chameleon when infecting a file.
" Any malware has to find a way to infiltrate the system, stick to it and download anything that its author designates, " Martin said, outlining the three most important tasks of every kind destructive. According to him, Rustock met all three "virtues" at an extremely high level.
Super sophisticated
2007: Super sophisticated Trojan will be raging Picture 1Source: Techtree As soon as one foot is placed in the system, it will dig hard to get inside. The better you avoid the security tools, the longer the Trojan's lifetime in your computer and the more profitable it is for the owner.
Like many other popular Trojans, Rustock is designed to spread spam from Zombie computer networks. Its "expertise" is picture spam, the problem has suddenly increased in quantity during the past October 2 and November 11.
Rustock "sticks" into Windows' 32-bit core and obstructs some APIs (Application Programming Interfaces) to hide the new registry code and the files it installs on the computer.
Besides, it is also equipped with some features of rootkit detection software, making it difficult for security tools to sniff out. And yet, Rustock has the ability to change the function of some parts of Windows to bypass the firewall.
Rustock constantly transforms, this is a very popular hacker technique before. " It's like a polyphonic ringtone, " which means that while the original algorithm is still intact, the code that represents them changes every time a new file is infected.