Windows Rootkit Wars Escalate
An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS-aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."
from a machine with a rootkit installed... 0wned!
Microsoft Private Folder 1.0 uses rootkit-like techniques to hide encrypted files from the Win32 API. I wrote a little about it in my blog a few days ago.
Well, there's that criticism that the Bush administration did NOT go after that AQ camp in lawless Iraq since that would weaken the argument for going to war.
(Remember that NATO was enforcing no-fly zones in northern and southern Iraq and northern Iraq had become, de facto, independent of Saddam's control. This was a Good Thing in Kurdish-occupied lands, but it also opened the door for al Zaquari (iirc) to have a substantial camp outside of Saddam's effective control. It wasn't that Saddam permitted the base there, it was that Saddam couldn't apply meaningful military force under NATO restrictions.)
(Some US planners explicitly wanted to take out the camp since it harbored AQ, but the administration nixed that plan so it could say that Iraq "harbored" terrorists. Only wonks would know that 1) Saddam wanted them out of there more than we did (as evidenced by our inaction) and 2) he couldn't do anything because of our own actions.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken