'Super stealth' rootkit
A new Trojan program is so clever that many security experts have called it "a new chapter" in the fight against malware.
Known as Rustock (according to Symantec) or Mailbot.AZ (according to F-Secure), this Trojan uses sophisticated rootkit techniques to evade the security scanning technologies currently in use.
"It can be considered the first representative of a new generation of rootkits," Symantec expert Alia Florio said. "Rustock.A is a smart combination of old technology with new ideas, so it can be used to stand outside the coverage of many rootkit detection programs."
Source: CNET

Rootkits are considered a new, unpredictable threat. They are used to hide malicious software according to the attacker's intentions.
In the case of Rustock / Mailbot.AZ, rootkit technology has been used to hide a Trojan. The Trojan opens a backdoor on the infected computer, giving attackers a way in.
In the tireless race against security vendors, Rustock's author seems to have thoroughly studied the inner workings of rootkit removal tools.
"Security companies are always ahead of bad guys, but bad guys have their products. They can dissect and find the weaknesses of those products, combined with some sophisticated techniques, to strengthen your rootkit," said Craig Schmugar, vice president of virus research at McAfee.
By using multiple methods of cloaking at the same time, Rustock is almost "invisible" inside the infected system, including computers that have Windows Vista installed.
To avoid detection, Rustock does not run any processes. Instead, it runs its code inside a driver and in kernel threads.
In addition, Rustock does not use hidden files and avoids calling application programming interfaces (APIs). These are the main clues that scanning tools rely on to detect rootkits.
However, the likelihood of users being attacked with this rootkit Trojan is low. Even so, the security community is still buzzing, because it represents a threat that is lurking around the corner.
Thien Y