Archive for December, 2005

Rootkit Guru: AntiVirus Makes Me Do It

Tuesday, December 20th, 2005

The author of Hacker Defender, holy_father, recently explained why he writes rootkits and why he is doing the public a good service by letting the public know what the capabilities of rootkits are, what they can do and how they can be used. This information should then be used by security companies to provide better security for their computer users. Anti-virus companies have long known that rootkits will thwart the scanning of viruses and spyware. Anti-virus companies have asked for the code of Hacker Defender. They have not faced up to the reality that viruses and spyware can be hidden from their scanners by rootkits. Unless they provide a way to stop rootkits taking hold, or better scanning technology, they will never be able to overcome rootkits.

Keep Safe

regards
Steo
www.antirootkit.com

IM Worm On MSN, AOL, ICQ, & Yahoo Plants Rootkit

Monday, December 19th, 2005

A new worm which persuades Instant Messaging users to visit a Santa Claus site was found on many IM networks, including MSN, AOL, ICQ and Yahoo. Users who visited the site were infected with a rootkit with a filename of gift.com. The infection then went on to record keystrokes and provide a backdoor to hackers while staying hidden from anti-virus software through its stealth technology. IMlogic reported it as a Medium risk. It specifically infects previously infected users by way of already-in-place exploits. It will also try to disable your anti-virus software. This is just another IM worm or trojan spotted recently. Recently a worldwide IM botnet was discovered which had links to a group from the Middle East.

Keep Safe

regards
Steo
www.antirootkit.com

Anti-spyware Battles Rootkits with Rootkit Tactics

Thursday, December 15th, 2005

Anti-spyware software company Aluria are leading the way in anti-spyware prevention by adding a technology that will operate at the Windows “kernel,” or core processing center. The new kernel-mode features are a response to new, sophisticated spyware. Aluria have developed a new system called ADS (Active Defence Shield) which, by using kernel-mode techniques, stops spyware from getting into parts of the computer that are now becoming a serious problem.
“ADS installs a kernel driver that hooks into a computer’s system driver, which controls the processes executing on that machine. Since any computer action ultimately involves a response by the system driver, the Aluria software can detect any suspicious activity and can stop spyware before it is written to the computer’s file system.” (source)

The one problem with using technology like this is that other scanning software, like anti-virus or anti-spyware software, may flag it as suspicious behaviour and cause serious problems for users in the future.

Keep Safe

regards
Steo
www.antirootkit.com

Microsoft Patch Cleans Up After Sony Rootkit

Wednesday, December 14th, 2005

Microsoft have this month included an update for the Windows Malicious Software Removal Tool which adds detection and deletion for “F4IRootkit,” Microsoft’s name for the Sony rootkit that was shipped with over 5 million CDs. This is a good move from Microsoft, as many thousands of unsuspecting users are known to have the Sony rootkit on their systems. This follows the news that the rootkit can be used by virus writers and spyware makers to hide their files. Recently a new Trojan called Stinx-E was found that dropped a file called $sys$drv.exe, which is basically a backdoor for hackers to execute commands on the infected computer.

Sony’s rootkit hides all files that begin with $sys$ so that they are not visible to anti-virus products. Thus, by creating a trojan, virus or spyware whose filename begins with $sys$, hackers can use the Sony-installed rootkit to hide their files and remain undetected.
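To make the cloaking concrete, here is an added example (not code from the original post or from any of the vendors mentioned) that models the filter described above, which hides every name starting with $sys$, and shows the defender's counter-check: comparing a normal directory listing against a second, independent view of the same directory and reporting what only the second view contains. The file names are constructed sample data apart from $sys$drv.exe, the Stinx-E dropper named in the post.

```python
# Added example: a cross-view check for names cloaked by a "$sys$" prefix filter.
# The listing below is constructed sample data; only "$sys$drv.exe" is taken
# from the post above.

HIDDEN_PREFIX = "$sys$"

# Constructed raw listing: what the disk actually holds.
RAW_LISTING = [
    "notepad.exe",
    "$sys$drv.exe",       # Stinx-E backdoor, cloaked by the Sony rootkit filter
    "$sys$driver.sys",    # constructed name standing in for a cloaked driver
    "readme.txt",
]


def cloaked_view(names):
    """Model of the rootkit filter: drop every entry whose name starts with $sys$.

    This is what a normal directory listing, and an AV scanner that relies on
    the same hooked API, would see on an infected machine.
    """
    return [n for n in names if not n.lower().startswith(HIDDEN_PREFIX)]


def cross_view_diff(api_view, raw_view):
    """Return entries present in the raw view but absent from the API view.

    Any difference between two views of one directory is a discrepancy worth
    investigating; a hooked file-system API is one common cause.
    """
    api = set(api_view)
    return sorted(n for n in raw_view if n not in api)


def suspicious_names(names):
    """Flag $sys$-prefixed names directly, for use once the filter is gone
    (for example after the rootkit driver has been removed)."""
    return sorted(n for n in names if n.lower().startswith(HIDDEN_PREFIX))


if __name__ == "__main__":
    seen = cloaked_view(RAW_LISTING)
    for name in cross_view_diff(seen, RAW_LISTING):
        print("hidden from API view:", name)
```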

Keep Safe

regards
Steo
www.antirootkit.com

Intel working on rootkit detection techniques

Thursday, December 8th, 2005

Intel recently released a document which shows that they are developing technology that will thwart malicious code from executing in the core processor area which rootkits are known to use. This is a first for the industry, and it shows that rootkits are a major worry for the larger corporations and that they are putting a lot of effort into overcoming what is becoming a scourge on computer users worldwide. The technology basically consists of an integrated chip on the computer motherboard which will protect key areas of the processor from use by users, and thus keep them away from rootkit users.

In a nutshell, a quote from the Intel Research article:

“This firmware-based approach, called System Integrity Services (SIS), makes use of a true, isolated execution environment, as well as sophisticated integrity checks and forgery-protected, execution-presence verification, to detect attacks that circumvent, tamper with, or disable critical software agents running on a host computing system.”

Intel hope to have this system available to end users in either 2008 or 2009. There is a bit to go yet, but it is in the right direction.

Keep Safe

regards
Steo
www.antirootkit.com