New invisible rootkit hits Windows including Vista
Monday, July 17, 2006 - 09:33 AM EST
"Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code," Matthew Broersma reports for Techworld. "The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors."
"The rootkit is 'unique given the techniques it uses,' Symantec's Elia Florio wrote in a recent analysis. 'It can be considered the first-born of the next generation of rootkits.' Rustock.A uses a mixture of old techniques and new ideas to make it 'totally invisible on a compromised computer when installed,' including a beta version of Windows Vista, Florio wrote," Broersma reports.
"Symantec believes the rootkit originates from Russia, and a string found in the rootkit's code indicates new versions will probably be forthcoming. Symantec has already logged a variant called Backdoor.Rustock.B," Broersma reports.
Broersma reports, "F-Secure noted Rustock's use of NTFS' Alternate Data Streams (ADS) as one significant example of its advanced behaviour... According to researchers, other factors that help make Rustock invisible are that it has no process, instead running inside the driver and in kernel threads. It doesn't hook into any native API, and controls kernel functions via special IRP functions. It removes its entries from kernel structures, and the SYS driver is polymorphic, changing its code from sample to sample."
Full article here.
MacDailyNews Take: Tellingly, Windows Vista's near-total obscurity does absolutely nothing for its "security."
Related MacDailyNews articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X - July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time - July 07, 2006
Sophos Security: Dump Windows, Get a Mac - July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses - December 06, 2005

Very good, MDN, nice take.