Windows Rootkit Wars Escalate
An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."
I hate them because of that incident the word rootkit became popular.
I know what you mean! Just the other day I was listening to two teenage girls yakking in the mall...
"Oh no you did-uhnt! Girl, you can't be lettin' some loser root your kit like that!"
Don't disappoint your bird dog. Go to the range.
If only Windows was closed source, then writing such tools would be difficult. Oh, wait...
This Russian-created rootkit is smart enough to recognize known anti-rootkit tools and hide from them.
:P
Does this mean that in Soviet Russia, rootkits detect y... Bah, never mind. Too easy.
Slashdot: come for the pedantry, stay for the condescension.
Here let me codify that:
// what's that you say?
while (!os_written_in_typesafe_language) {
counter_rootkit(create_rootkit(true));
}
. . .
catch (NoSuchRootkitPossibleException ex) {
}
These things are like the neighbor that just walks in the house, takes a piss, grabs a beer out of the fridge, and asks you if you're watching the game after sitting on the couch next to you.
If they'd put some fucking beer in there now & then it wouldn't be so damn aggravating.
Wanna fight? Bend over, stick your head up your ass, and fight for air.
NTFS alternate data stream? It's a good thing I still use Windows 95 that doesn't have any of those fancy shmancy features that can be exploited like that.
What do you mean, "buy music"?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
[Yoda]
Begun, the Rootkit Wars have...
[/Yoda]
My boss was telling me how he'd spent all morning with the IT manager removing a trojan off of his Windows machine.
I looked up from my iBook and FC5 workstation, looked him in the eye with a face full of innocence, and asked, "What's a 'Trojan?'"
"Well, see, it's like... a 'trojan' is like the Trojan horse; it's a program that comes into your system and ..."
wink
"...why I oughtta slug you!"
It's a good thing the guy's a consummate professional, because I probably deserve to be writing this from the hospital.