Solving computer problems: theHelpdesk.nl

ROOTKITS

Not all trouble is discovered right away. Articles about the very dangerous "rootkits"!

'Invisible' Rootkit Heralds Trouble Ahead

Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code. The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.

The rootkit is "unique given the techniques it uses," Symantec’s Elia Florio wrote in a recent analysis. "It can be considered the first-born of the next generation of rootkits."

More on rootkits, including ones developed with a view to, or prepared for, the new Windows Vista version.

Stealth rootkit makes its debut in the real world
7/17/2006 9:13:44 PM, by Peter Pollack

Antivirus researchers and microbiologists are similar in that they both have occasionally predicted the rise of a new type of malignant attack before it is actually seen in the wild. In the biological arena, the continued spread of drug-resistant bacteria would be one example of this. In the world of electrons and data, some researchers had already prophesied the rise of rootkits that would be designed to hide themselves from ordinary means of detection.

Backdoor.Rustock.A is the first such stealth rootkit found outside the environs of the antivirus lab. Although Rustock.A (or Mailbot.AZ, as the F-Secure experts are calling it) is being rated by Symantec as an easy threat containment with a low distribution level, it uses some new techniques that make it virtually impossible to detect using conventional means.

Microsoft looks for ways to combat Blue Pill, code-signing bypass

After security researcher Joanna Rutkowska Thursday demonstrated how it’s possible to circumvent security in Microsoft’s Vista beta software and install a rootkit called Blue Pill, Microsoft said it intends to find ways to stop both potential threats before Vista ships.

At the Black Hat conference, Rutkowska, security researcher at Singapore-based firm COSEINC, showed that she found a way to bypass the Vista integrity-checking process for loading unsigned code into the Vista kernel. Then she presented Blue Pill, a rootkit she created based on Advanced Micro Devices (AMD) Secure Virtual Machine, Pacifica.

Experts divided over rootkit detection and removal

The detection and eradication of rootkits — the software code increasingly used to hide malware or adware — is either fairly simple or nearly impossible, depending on which security expert is bringing up the topic.

This often striking difference of opinion is certain to confuse corporate security managers and systems administrators who have an interest in defending against rootkits hiding on desktops, servers and databases. While there are few software products promising rootkit detection and removal today, more vendors are stepping up to take a swing at it.

Below is a piece, taken from Symantec, with a reasonably understandable description of:



Copyright © 1995 I.S.P. International B.V.. All rights reserved.
Last modified: May, 2006.