Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Rootkit Wars Escalate

Posted by ryuzaki0 on from the most-secure-version-of-windows-ever dept.

An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in a ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

2 of 342 comments (clear)

  1. Enough is enough by Le+Marteau · · Score: 0, Troll

    Breaking into a computer should be considered as serious as breaking into one's home. Enough of the "kids will be kids" stuff, and lets have our government go after the zombie masters as the scum that they are: invaders into our lives and our stuff.

    --
    Mod down people who tell people how to mod in their sigs
  2. Re:Security doesn't start at rootkit detection by Bryansix · · Score: 0, Troll

    While you are correct about 99% of of infections about 1% come just connecting to the internet. Remember that there was a time when MS did not have a patch out and you could get a virus just by being online. In addition holes in IE allow machines to be infected simply by surfing onto legitimate websites that have been compromised on the backend.