Archive for the 'McAfee' Category

New Storm Worm Rootkit Domain happy2008toyou.com appears on the stroke of Midnight

Tuesday, January 1st, 2008

Another Storm Worm domain has popped up on the radar:

happy2008toyou.com

The whois…

Domain name:             HAPPY2008TOYOU.COM
Name Server:             ns.happy2008toyou.com 68.251.106.142
Name Server:             ns10.happy2008toyou.com 89.35.121.187
Name Server:             ns11.happy2008toyou.com 58.9.65.61
Name Server:             ns12.happy2008toyou.com 222.209.139.28
Name Server:             ns13.happy2008toyou.com 82.59.136.43
Name Server:             ns2.happy2008toyou.com 68.36.252.81
Name Server:             ns3.happy2008toyou.com 71.230.66.163
Name Server:             ns4.happy2008toyou.com 68.61.185.117
Name Server:             ns5.happy2008toyou.com 70.232.142.1
Name Server:             ns6.happy2008toyou.com 66.75.86.71
Name Server:             ns7.happy2008toyou.com 85.29.202.180
Name Server:             ns8.happy2008toyou.com 86.139.75.35
Name Server:             ns9.happy2008toyou.com 86.130.251.39
Creation Date:           2007.12.29
Updated Date:            2007.12.29
Expiration Date:         2008.12.29
Status:                  DELEGATED
Registrant ID:           X05O1TC-RU
Registrant Name:         Larry Claus
Registrant Organization: Larry Claus
Registrant Street1:      1874 str.  office 923
Registrant City:         Los-Angeles
Registrant State:        CA
Registrant Postal Code:  320784
Registrant Country:      US
Administrative  Technical Contact
Contact ID:              X05O1TC-RU
Contact Name:            Larry Claus
Contact Organization:    Larry Claus
Contact Street1:         1874 str.  office 923
Contact City:            Los-Angeles
Contact State:           CA
Contact Postal Code:     320784
Contact Country:         US
Contact Phone:           1 320 5216723
Contact E-mail:          larryknower931@yahoo.com

Registrar:               ANO Regional Network Information Center dba RU-CENTER
Last updated on 2008.01.01 03:36:27 MSK/MSD

The full list of domains we currently have is:

familypostcards2008.com
freshcards2008.com
happy2008toyou.com
happycards2008.com
happysantacards.com
hellosanta2008.com
hohoho2008.com
newyearcards2008.com
newyearwithlove.com
parentscards.com
postcards-2008.com
Santapcards.com
Santawishes2008.com

The file downloaded from these domains is happy_2008.exe.

Most virus scanners detect it.
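As an added example (not part of the original post), here is a small Python script a defender could use to pull the nameserver hosts and IPs out of a RU-CENTER style whois record like the one above, and to flag proxy or DNS log lines that reference any of the listed domains or their subdomains. The whois excerpt and log lines are constructed for the demo; the domain list is the one given in the post.

```python
import re
from ipaddress import ip_address

# Domains listed in the post (the Storm Worm "new year card" set), lower-cased for matching.
STORM_DOMAINS = {d.lower() for d in """
familypostcards2008.com freshcards2008.com happy2008toyou.com happycards2008.com
happysantacards.com hellosanta2008.com hohoho2008.com newyearcards2008.com
newyearwithlove.com parentscards.com postcards-2008.com Santapcards.com Santawishes2008.com
""".split()}

# Constructed excerpt in the same layout as the whois record quoted in the post.
SAMPLE_WHOIS = """Domain name:             HAPPY2008TOYOU.COM
Name Server:             ns.happy2008toyou.com 68.251.106.142
Name Server:             ns10.happy2008toyou.com 89.35.121.187
Creation Date:           2007.12.29
"""

# Constructed proxy/DNS log lines; the last one is a look-alike that must NOT match.
SAMPLE_LOG = [
    "1199145601 10.0.0.12 GET http://happy2008toyou.com/happy_2008.exe 200",
    "1199145602 10.0.0.12 DNS A ns3.HAPPY2008TOYOU.COM. -> 71.230.66.163",
    "1199145603 10.0.0.15 GET http://www.example.org/index.html 200",
    "1199145604 10.0.0.20 DNS A santapcards.com -> 0.0.0.0",
    "1199145605 10.0.0.21 GET http://nothappy2008toyou.com/ 200",
]

NS_LINE = re.compile(r"^Name Server:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}\.?")  # hostname-looking tokens in a log line

def parse_nameservers(whois_text):
    """Return [(hostname, ip)] for every 'Name Server:' line whose address parses as IPv4."""
    out = []
    for host, ip in NS_LINE.findall(whois_text):
        try:
            ip_address(ip)  # skip lines with a malformed address (e.g. an octet > 255)
        except ValueError:
            continue
        out.append((host.lower().rstrip("."), ip))
    return out

def matches_blocklist(hostname, blocklist=STORM_DOMAINS):
    """True if hostname equals a listed domain or is a subdomain of one (case-insensitive)."""
    h = hostname.lower().rstrip(".")  # tolerate a trailing dot from DNS logs
    return any(h == d or h.endswith("." + d) for d in blocklist)

def scan_log(lines, blocklist=STORM_DOMAINS):
    """Return the log lines that reference a listed domain or one of its subdomains."""
    return [ln for ln in lines if any(matches_blocklist(t, blocklist) for t in HOST_RE.findall(ln))]
```

The suffix check deliberately requires a leading dot, so a look-alike such as nothappy2008toyou.com is not reported as a hit.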

Have a happy New Year,

Keep Safe,

regards,

Steo

McAfee release a new Rootkit Scanner - Rootkit Detective

Friday, January 5th, 2007

How many new Rootkit Scanners were released in 2006?
I make it at least 11, give or take a few.

There is a clear trend for the big anti-virus companies to release dedicated rootkit scanners. In 2006 Sophos, AVG, Avira and Trend Micro were some of the big names who brought us dedicated rootkit scanners.

McAfee have now released their own rootkit scanner, called Rootkit Detective, and have made it freely available from their website. This is an interesting development, as the page it can be downloaded from is the original Stinger page. That will make sure McAfee get a lot of exposure, as Stinger is one of the best known malware removers around.

Here is some info from the McAfee page on Rootkit Detective:

“McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.

McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.”

Features

Following are the features of this program that are designed to proactively detect and clean rootkits from the system. This program is not dependent on any signatures and can proactively detect most of the existing and upcoming rootkits and allow the user to clean them.

  • Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
  • Provides information about all running processes in the system.
  • Provides information about various system hooks like SSDT (System Service Descriptor Table) hooks and user/kernel IAT/EAT (Import/Export Address Table) hooks.
  • Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry.
  • Allows the user to terminate the malicious processes.
  • Users can submit samples using the submission feature present in the tool.
  • Users can also collect the samples manually after renaming them and submit them to stinger@avertlabs.com for further analysis.

The Rootkit Detective log file contains details of the hidden files. Once renamed, the files will have a .REN extension after reboot.

McAfee Rootkit Detective Front End

Once again this shows how big a threat the big anti-virus companies consider rootkits to be. Panda Software's PandaLabs recently said in a report that they see rootkits as a bigger threat in 2007.

Keep Safe
regards
Steo

www.antirootkit.com