Archive for February, 2006

Haxdoor Rootkit is being used for Pharming

Friday, February 24th, 2006

F-Secure have reported in their blog today that a rootkit called Haxdoor is being used to steal users’ bank details, passwords, PIN codes, etc. It hooks HTTP functionality, redirects traffic, steals private information, and transmits the stolen data to a web server controlled by the attacker.

The Haxdoor rootkit can grab the information before it is encrypted and sent to the bank’s website, and the computer user is none the wiser about the actions of the rootkit. Haxdoor then sends the information to the attacker.

Keep Safe

regards
Steo
www.antirootkit.com

Mr & Mrs Smith DVD contains stealthy Protection

Thursday, February 16th, 2006

F-Secure have reported in their blog recently that a German version of the DVD film Mr & Mrs Smith starring Brad Pitt and Angelina Jolie contains copy protection that uses stealth techniques.

The DVD uses copy protection from Settec called Alpha-DVD, which stops users from copying the DVD. Settec have made an uninstaller available. The F-Secure blog shows how Blacklight found a file called wtsap32.exe which was a hidden service. No files were hidden, which makes the rootkit a bit less dangerous. If it were able to hide files, criminals could then have used the rootkit to hide their own files.

It is amazing to see companies still using techniques like this, especially after the Sony rootkit debacle that hurt their customer base and was a public relations nightmare.

The German edition of the DVD seems to be the only one affected.

Keep Safe

regards
Steo
www.antirootkit.com

Sony rootkit fiasco may lead to regulation

Thursday, February 16th, 2006

An official of the US Department of Homeland Security has said that the use of rootkits in commercial software will have to stop or else it will be regulated by the government. He spoke in particular about the Sony rootkit debacle, which shows the extent of the impact the fiasco has had on consumers and the worldwide attention it has drawn.

“We need to think about how that situation could have been avoided in the first place,” said Jonathan Frenkel, director of law enforcement policy with the DHS’s Border and Transportation Security Directorate, who was speaking at the RSA Conference 2006 in San Jose, California.

The DHS has previously called on software vendors to be careful about the way their software may use stealth technology for protection purposes. The Sony BMG episode hit thousands of customers who bought music CDs infected with the Sony rootkit. The rootkit was then exploited by hackers, who used its capabilities to hide their own malware.

It seems that again it will boil down to a definition of rootkits, what’s acceptable and what’s not, when it comes to software. Only then can regulation or legislation be useful.

Keep Safe

regards
Steo
www.antirootkit.com

Using Rootkits to Defeat Digital Rights Management

Monday, February 6th, 2006

Mark Russinovich has discovered two CD emulation programs that seem to use rootkit technology to evade Digital Rights Management software. Mark wrote in his blog recently that two popular programs called Alcohol and Daemon Tools try to fool the operating system into thinking that they are not there, and thus any DRM software will be fooled as well.

Mark used RootkitRevealer to find that the software was using stealth techniques such as false registry entries to hide from the OS. From there he found discrepancies between what Windows thought was there and what actually was. On tracing the discrepancies he found that hidden device drivers and misleading registry entries were employed by the CD emulation and CD/DVD copying software.

The use of rootkits within commercial software should not be tolerated, and, as was seen with the Sony rootkit debacle, it is not. Both Alcohol and Daemon Tools “seem” to be using such techniques to defeat DRM.

Keep Safe

regards
Steo
www.antirootkit.com