Stealth Rootkits Are Bombarding XP SP2 Boxes
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Stealth Rootkits Are Bombarding XP SP2 Boxes

  1. #1
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171

    Stealth Rootkits Are Bombarding XP SP2 Boxes

    In light of all the recent discussion on rootkits...

    More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to senior official in Microsoft Corp.'s security unit.

    Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility.

    "I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC controlled backdoor used to illegally infect Windows PCs with spyware.

    In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month.

    WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

    "Hacker Defender," another rootkit program that is available for sale on the Internet, has also been detected and deleted regularly.

    Garms shared statistics culled from the worm cleansing tool in an interview with Ziff Davis Internet News and warned that the high rate of rootkit infections confirm fears that virus writers are using the most sophisticated techniques to hide malicious programs.
    http://www.eweek.com/article2/0,1895,1896605,00.asp
    Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes

  2. #2
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    that the high rate of rootkit infections confirm fears that virus writers are using the most sophisticated techniques to hide malicious programs.
    that's right, and they even got SONY to write the newest
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Not so strange, here is about FU "rootkit dot com/project.php?id=12"
    I think that source for this also avalible that make possible to reuse it.

    invisible, working software ...... ehh....
    // too far away outside of limit

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    I question these statistics. The definition of "rootkit" must be a loose term at MS. Most of the bots I've seen do not have this capability (keylogging and rootkits). So, before I buy any statistic, I always ask for clear definitions of terms and metrics.

    Keep in mind that if you go to a Chevy dealer and ask for stats on their vehicles, you'll get a biased set of stats. Walk across the street and the Ford guy will show you the polar opposite.

    MSRT is a business unit. Of course they are going to pump inflated stats out there. In my estimation, I've seen less than 1% of bots with these capabilities.

    Anyway, thanks for the post E. I needed a chuckle in between cups of coffee.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    th13- Could it not be the case that there are that many out there, you just haven't seen them because they are invisible? wink wink... nudge nudge...













    And yes, that was said as a joke before anybody gets to upset..

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    LOL. I think it's more likely that hosts taking part in the MSRT "project" are reporting back information based on Microsoft's definition of a rootkit. It it my experience that most AV scanners aren't capable of detecting rootkits so to see a high number like 20% seems very unrealistic. Again, using multiple techniques, I've seen less than 1% coverage into the rootkit/keylogger payload in bots.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    It definately seems high.... but an even bigger question is... if they're Stealth... how is Microsoft finding them.... come on... You can use Stealth to refer to something that you've "easily" detected.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I agree with Hoss~ in that "rootkits" are not what one normally associates with Windows; there are other more reliable ways to exploit/infiltrate that OS. Sure, they exist, but they are somewhat "rare"?

    You can use Stealth to refer to something that you've "easily" detected.
    Exactly!..............all you need to do is make it slightly less than obvious/standard, and it is "stealth"?

    I think that just about shares my cynicism with "marketing hype"

    It looks like marketing tied in to a mis-definition situation to me?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    if they're Stealth... how is Microsoft finding them.... come on... You can use Stealth to refer to something that you've "easily" detected.
    This is my point. Based on what MS considers a "rootkit" dictates the statistics you're given.

    I give it my turd polishing stamp of approval. This is poop. It's been polished. It's now shiny and pretty poop.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    One question...to anyone...

    if Microsoft is saying it is being bombarded with rootkit's and the virus writers are using more "sophisticated techniques to hide malicious programs"...how is this good for Microsoft in the way of promotion or marketing...why would they lie about figures that appear to detrimental to sales???

    I would be less inclined to buy Microsoft knowing it has a high rate of infestation.

    Eg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides