Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Serving Rootkits with Bagles

Posted by ryuzaki0 on from the worm-in-the-apple dept.

Iran Contra writes "Security researchers at F-Secure in Finland have discovered a rootkit component in the Bagle worm that loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. Bagle started out as a simple e-mail borne executable and the addition of rootkit capabilities show how far ahead of the cat-and-mouse game the attackers are."

2 of 150 comments (clear)

  1. As seen on their blog page... by True+ChAoS · · Score: 5, Informative

    This has been written about before on the F-Secure security blog. There's also a nice pic of what all the different parts of bagel look like and how they interact.

    --
    WARNING: May contain traces of nut
  2. Use RootkitRevealer from SysInternals.com. by Futurepower(R) · · Score: 4, Informative

    SysInternals' free program RootkitRevealer is the best way I know to reveal the presence of rootkits.

    In general, any program SysInternals provides is the best in its field, I've found.

    Try the just updated (March 7, 2006) version of Autoruns to find nasty stuff running under Windows.

    --
    Before, Saddam got Iraq oil profits & paid part to kill Iraqis. Now a few Americans share Iraq oil profits, & U.S. citizens pay to kill Iraqis. Improvement?