Anti Rootkit Blog

Mark Giuliani has updated his blog with a posting entitled “New Gromozon” and Rootkit.DialCall. It is written in Italian but the essence of it seems to be that a the Gromozon server redirections have changed and that previously known Premium Dialer called Rootkit.Dialcall is being spread via the same servers that the Gromozon rootkit is being sent out from.

It does not mean that Gromozon and Rootkit.DialCall are linked. The latest Rootkit.DialCall drops a Premium Rate dialer that dials numbers in Italy only. Gromozon did the same.

Mark goes on to say that the Rootkit.DialCall characteristics have changed and drops the rootkit PE386 which uses ADS ( Alternative Data Streams ) to hide. Users who think they have this rootkit can use GMER to remove it.

Marks Blog - Italian

English Translation via Google

What we can see here are the ever evolving tactics of a crime gang directed at Italian internet users.

It will be intersting to see how it all unfolds!

Keep Safe

regards
Steo
www.antirootkit.com

This entry was posted on Monday, November 20th, 2006 at 11:02 pm and is filed under News, New Rootkits, Gromozon. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.