'Super stealth' rootkit
A new Trojan program is so clever that many security experts have called it "a new chapter" in the fight against malware.
Named Rustock by Symantec and Mailbot.AZ by F-Secure, this Trojan uses sophisticated rootkit techniques to evade the security scanning technologies currently in use.
Source: CNET
"It can be considered the first representative of a new generation of rootkits," Symantec expert Alia Florio said. "Rustock.A is a smart combination of old technology with new ideas - so it can be used to stand outside the coverage of much rootkit detection software."
Rootkits are considered an unpredictable new threat. Attackers use them to hide malicious software on a system.
In the case of Rustock / Mailbot.AZ, rootkit technology has been used to hide a Trojan. This Trojan opens a backdoor on the infected computer, enabling attackers to break in.
In the tireless race against security vendors, Rustock's author seems to have thoroughly studied the inner workings of rootkit removal tools.
"Security companies are always ahead of bad guys, but bad guys have their products. They can dissect and find the weaknesses of those products, combined with some sophisticated techniques, to strengthen their rootkit," said Craig Schmugar, vice president of virus research at McAfee.
By using multiple methods of cloaking at the same time, Rustock is almost "invisible" inside the infected system, including computers that have Windows Vista installed.
To avoid detection, Rustock does not run any processes. Instead, it runs its code inside a driver and kernel threads.
In addition, Rustock does not use hidden files and avoids calling application programming interfaces (APIs). Hidden files and API calls are the main clues that rootkit scanning tools rely on for detection.
However, the likelihood of users being attacked by this rootkit-equipped Trojan is low. Even so, the security community is still buzzing, because it represents a threat that is lurking around the corner.
Thien Y