madis ([info]madevil) wrote,
@ 2006-07-19 14:36:00

Symantec has discovered a new rootkit called Backdoor.Rustock.A which could give computer users a serious headache in the future.

The rootkit is virtually undetectable by virus scanners because it cunningly avoids using the standard method of infiltration, as Ars Technica explains. Virus software counts the number of processes running at a very high level, then the number at a very low level. If the two are the same, then everything is fine. If there is another process running at a low level, you know you've got a rootkit.

Rustock.A, however, hides its work within other processes such as driver and kernel operations, meaning that it doesn't alter the process count, so virus software will not realise it is there.

It can also change its code and alter its behaviour when it detects a virus scanner running.

The code is basically proof of concept at the moment, but expect to see a heck of a lot more of this type of virus in the future, as those seeking to take control of your machine get a lot more sophisticated. Clearly, virus scanners are also going to have to think about how to detect rootkits in a different way.




[info]mafia
2006-07-19 15:07 (link)
So what? That doesn't surprise me.



[info]lodzinjsh
2006-07-19 15:08 (link)
oh noes, what are we to do now?! That's it, the internet's days are numbered!



[info]madevil
2006-07-19 15:18 (link)
Only Aptiekas Logs can save us!



[info]actionman
2006-07-20 08:11 (link)
thank god I'm safe.... for now.


stripe4
(Anonymous)
2006-07-20 13:00 (link)
Be glad: there's work for you, me and the other masters of the admin trade. Of course it'll be a pain in the ass, because right now, against this kind of crap, a reinstall will be quicker than some unsuccessful cleanup, but hey, work equals money. :)


Re: stripe4
[info]madevil
2006-07-20 13:37 (link)
then we should practically start supporting this development :D


