Windows Rootkit Wars Escalate

An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in a ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

Re:number 1 reason to hate sony

[djdavetrouble]

A rootkit is a tool that script kiddies use to break into systems, as opposed to someone with actual skill finding and exploiting weaknesses using their own brain.

No it isn't.
A rootkit is what is installed to give the cracker unimpeded access (provides a backdoor, hides processes, replaces legitimate processes with trojaned ones, keep activity out of system logs) once they have gained entry to a system (usually throgh a known vulnerability.) THeir activity would be hidden from netstat ps, etc.

At least look at Wikipedia.

Re:Forever War

[Lumpy]

Nope your saviour is called BartPE. no virus,worm,rootkit on the planet can disable it.

In fact I dont even bother running any Host OS scans when I fix someone's PC anymore, I boot from a BartPE disc, scan it with the antivir and antispyware and clean it up easier and faster than anything else.

Takes me far less time I get it on the first try and it's back to a clean machine for 35 seconds until the owner clicks on things again to reinstall every bit of spyware.