Windows Rootkit Wars Escalate
An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS-aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."
I hate them. Because of that incident, the word rootkit became popular.
I know what you mean! Just the other day I was listening to two teenage girls yakking in the mall...
"Oh no you did-uhnt! Girl, you can't be lettin' some loser root your kit like that!"
Don't disappoint your bird dog. Go to the range.
If only Windows was closed source, then writing such tools would be difficult. Oh, wait...
This Russian-created rootkit is smart enough to recognize known anti-rootkit tools and hide from them.
:P
Does this mean that in Soviet Russia, rootkits detect y... Bah, never mind. Too easy.
Slashdot: come for the pedantry, stay for the condescension.
What do you mean, "buy music"?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
[Yoda]
Begun, the Rootkit Wars have...
[/Yoda]