'Super stealth' rootkit

A new Trojan program is so clever that many security experts have called it a 'new chapter' in the fight against malware. With the name Rustock (according to Symantec) or Mailbot.AZ (according to F-Secure), this Trojan uses sophisticated rootkit techniques to evade security scanning software.

A new Trojan program is so clever that many security experts have called it "a new chapter" in the fight against malware.

With the name Rustock (according to Symantec) or Mailbot.AZ (according to F-Secure), this Trojan uses sophisticated rootkit techniques to evade the security scanning technologies currently in use.

"It can be considered the first representative of a new generation of rootkits," Symantec expert Elia Florio said. "Rustock.A is a smart combination of old technology with new ideas - so it can stay outside the coverage of many rootkit detection tools."

[Picture 1. Source: CNET]

Rootkits are considered a new and unpredictable threat. They are used to hide malicious software as the attacker intends.

In the case of Rustock / Mailbot.AZ, rootkit technology has been used to hide a Trojan. This Trojan opens a backdoor on the infected computer, giving attackers remote access to it.

In the tireless race against security vendors, Rustock's author seems to have thoroughly studied the inner workings of rootkit removal tools.

"Security companies are always ahead of bad guys, but bad guys have their products. They can dissect and find the weaknesses of those products, combined with some sophisticated techniques, to strengthen their rootkit," said Craig Schmugar, vice president of virus research at McAfee.

By using multiple methods of cloaking at the same time, Rustock is almost "invisible" inside the infected system, including computers that have Windows Vista installed.

To avoid detection, Rustock does not run any processes. Instead, its code runs inside a driver and in kernel threads.

In addition, Rustock uses no hidden files and avoids hooking application programming interfaces (APIs). Hidden files and API hooks are the main clues that rootkit detection tools rely on.

However, the chance of a user being attacked by this Trojan is small. Despite this, the security community is still buzzing, because it represents a threat waiting around the corner.

Thien Y
