Slashdot Mirror


Windows Rootkit Wars Escalate

An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocking ADS-aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

3 of 342 comments

  1. T-minus 3... 2... 1... by Recovering+Hater · · Score: -1, Flamebait

    Cue the Mac OS-X / *Nix / *BSD zealotry.

    --
    My humor is probably your flamebait
    1. Re:T-minus 3... 2... 1... by Anonymous Coward · · Score: -1, Flamebait

      You're a fucking liar. I was a Mac user for years and no Windows user tried to get me to switch. I've never ever heard of that. And why would they? Windows is not a fucking religion. It's just a tool people use. Only the lesser OSes that are fighting for survival and relevance need to seek converts. Windows users couldn't give a piss what anyone else uses, they're content with themselves, and don't feel the need to worship or define themselves by one of the mundane tools they use every day.

      The only people who spout the "everyone does it" kind of bullshit are people who actually know that's not true and are just saying it to try to excuse their own ways.

  2. Re:Here's a nice FAQ on that. by chunky+shit+salsa · · Score: -1, Flamebait

    Yes... Let me download and run this program the guy provides. It was linked to from /., a trusted source. It's closed-source, and the author states he won't release the source, but hey, that's cool. Oh, you need to execute this exe as admin, too. Naah, I think I'll instead go take a bath in some spicy salsa after fucking myself. Fairly informative article though, thanks fuckface.