Slashdot Mirror


Windows Rootkit Wars Escalate

An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

14 of 342 comments

  1. Re:Enough is enough by AssCork · · Score: 1, Funny

    The Government's resources are currently tied up chasing 'terrorists' and holding the world's oil supply hostage. Please wait your turn. Your post has been noted and the next available Government Agent will be dispatched as soon as they are free. Thanks.

    --
    The following replies are posted by unwashed nerds.
  2. Re:T-minus 3... 2... 1... by failure-man · · Score: 1, Funny

    Yeah! We've had rootkits since . . . . . well, about as long as we've had root! Your retarded spawn of DOS and an art school is late to the party.
     
    Better late than never though I suppose . . . . .

  3. Re:number 1 reason to hate sony by ScentCone · · Score: 4, Funny

    I hate them because of that incident the word rootkit became popular.

    I know what you mean! Just the other day I was listening to two teenage girls yakking in the mall...

    "Oh no you did-uhnt! Girl, you can't be lettin' some loser root your kit like that!"

    --
    Don't disappoint your bird dog. Go to the range.
  4. if only windows was closed source by Anonymous Coward · · Score: 5, Funny

    If only Windows was closed source, then writing such tools would be difficult. Oh, wait...

  5. Detection by kirkb · · Score: 4, Funny

    This Russian-created rootkit is smart enough to recognize known anti-rootkit tools and hide from them.

    Does this mean that in Soviet Russia, rootkits detect y... Bah, never mind. Too easy. :P

    --
    Slashdot: come for the pedantry, stay for the condescension.
    1. Re:Detection by monopole · · Score: 4, Funny

      In Soviet Russia Vista Rootkits ship before Vista

  6. HYPE SELLS by majest!k · · Score: 1, Funny

    "Rootkit Wars" ??

    This isn't a war. This is merely an advance in the sophistication of one rootkit. This happens all the time.

    Why is this being called a "war" now?

    Maybe because if they called it what it is - "Another Lame Virus Advancement" - nobody would click the link and look at their ads.

    What a joke.

    By the way, does anyone else find it funny that Symantec and F-Secure have "blogs" now? WTF? Why not just go the whole 9 and create a MySpace profile too?

    --
    smattawichu
  7. Re:Forever War by 0xABADC0DA · · Score: 2, Funny

    Here let me codify that:

    while (!os_written_in_typesafe_language) {
          counter_rootkit(create_rootkit(true));
    }
    . . .
    catch (NoSuchRootkitPossibleException ex) {
    // what's that you say?
    }

  8. Howdy Hoo ! by Joebert · · Score: 2, Funny

    These things are like the neighbor that just walks in the house, takes a piss, grabs a beer out of the fridge, asks you if you're watching the game after sitting on the couch next to you.

    If they'd put some fucking beer in there now & then it wouldn't be so damn aggravating.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  9. Good thing I still use Windows 95... by linebackn · · Score: 2, Funny

    NTFS alternate data stream? It's a good thing I still use Windows 95 that doesn't have any of those fancy shmancy features that can be exploited like that.

  10. Re:Security doesn't start at rootkit detection by Opportunist · · Score: 3, Funny

    What do you mean, "buy music"?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. i feel left out by Anonymous Coward · · Score: 1, Funny

    i still use FAT32, you insensitive clod!

  12. Obligatory Star Wars reference by Shadowland · · Score: 5, Funny

    [Yoda]
    Begun, the Rootkit Wars have...
    [/Yoda]

  13. What's a "Trojan?" by Rimbo · · Score: 2, Funny

    My boss was telling me how he'd spent all morning with the IT manager removing a trojan off of his Windows machine.

    I looked up from my iBook and FC5 workstation, looked him in the eye with a face full of innocence, and asked, "What's a 'Trojan?'"

    "Well, see, it's like... a 'trojan' is like the Trojan horse; it's a program that comes into your system and ..."

    wink

    "...why I oughtta slug you!"

    It's a good thing the guy's a consummate professional, because I probably deserve to be writing this from the hospital.