
Thread: Stealth Rootkits Are Bombarding XP SP2 Boxes

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    Stealth Rootkits Are Bombarding XP SP2 Boxes

    In light of all the recent discussion on rootkits...

    More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to a senior official in Microsoft Corp.'s security unit.

    Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility.

    "I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC controlled backdoor used to illegally infect Windows PCs with spyware.

    In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month.

    WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

    "Hacker Defender," another rootkit program that is available for sale on the Internet, has also been detected and deleted regularly.

    Garms shared statistics culled from the worm cleansing tool in an interview with Ziff Davis Internet News and warned that the high rate of rootkit infections confirms fears that virus writers are using the most sophisticated techniques to hide malicious programs.
    http://www.eweek.com/article2/0,1895,1896605,00.asp
    Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes

  2. #2
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    that the high rate of rootkit infections confirm fears that virus writers are using the most sophisticated techniques to hide malicious programs.
    that's right, and they even got SONY to write the newest
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Not so strange, here is something about FU: "rootkit dot com/project.php?id=12"
    I think the source for this is also available, which makes it possible to reuse it.

    invisible, working software ...... ehh....
    // too far away outside of limit

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I question these statistics. The definition of "rootkit" must be a loose term at MS. Most of the bots I've seen do not have this capability (keylogging and rootkits). So, before I buy any statistic, I always ask for clear definitions of terms and metrics.

    Keep in mind that if you go to a Chevy dealer and ask for stats on their vehicles, you'll get a biased set of stats. Walk across the street and the Ford guy will show you the polar opposite.

    MSRT is a business unit. Of course they are going to pump inflated stats out there. In my estimation, I've seen less than 1% of bots with these capabilities.

    Anyway, thanks for the post E. I needed a chuckle in between cups of coffee.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    th13- Could it not be the case that there are that many out there, you just haven't seen them because they are invisible? wink wink... nudge nudge...

    And yes, that was said as a joke before anybody gets too upset..

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL. I think it's more likely that hosts taking part in the MSRT "project" are reporting back information based on Microsoft's definition of a rootkit. It is my experience that most AV scanners aren't capable of detecting rootkits, so to see a high number like 20% seems very unrealistic. Again, using multiple techniques, I've seen less than 1% coverage into the rootkit/keylogger payload in bots.

    --TH13

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    It definitely seems high.... but an even bigger question is... if they're Stealth... how is Microsoft finding them.... come on... You can use Stealth to refer to something that you've "easily" detected.

    Peace,
    HT
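The question of how a "stealth" process gets found at all has a concrete answer in the cross-view technique that rootkit detectors of the XP era relied on. The FU rootkit named in the article hid a process by Direct Kernel Object Manipulation: it unlinked the process object from the kernel's active-process list while the scheduler and PID lookups still referenced it. The block below is an added example, not code from any poster or from the eWeek article. It is a user-space C model of that unlinking and of the cross-view check that compares a walk of the list (what a task manager sees) against a brute-force lookup of every PID (what a detector gets by calling OpenProcess on each PID instead of trusting the list). The struct and function names, the tiny PID space and the sample process names are this example's own and stand in for the real kernel structures.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PID 16   /* tiny PID space so the brute-force view stays readable */

/* Model of a process object. Names are this example's own, not the
 * names of real Windows kernel structures. */
struct proc {
    unsigned pid;
    char name[16];
    struct proc *prev, *next;  /* stands in for EPROCESS.ActiveProcessLinks */
    int in_use;
};

static struct proc pool[MAX_PID];
static struct proc *by_pid[MAX_PID];   /* stands in for the PID-indexed lookup
                                          the handle table / scheduler still use */
static struct proc head;               /* list sentinel, like PsActiveProcessHead */

/* Reset the model "kernel": empty list, empty PID table. */
void kernel_init(void) {
    memset(pool, 0, sizeof pool);
    memset(by_pid, 0, sizeof by_pid);
    head.prev = head.next = &head;
}

/* Create a process: link it at the list tail and register it by PID. */
int create_proc(unsigned pid, const char *name) {
    if (pid == 0 || pid >= MAX_PID || by_pid[pid]) return -1;
    struct proc *p = &pool[pid];
    p->pid = pid;
    p->in_use = 1;
    strncpy(p->name, name, sizeof p->name - 1);
    p->prev = head.prev; p->next = &head;
    head.prev->next = p; head.prev = p;
    by_pid[pid] = p;
    return 0;
}

/* The DKOM trick FU used: splice the object out of the active list and leave
 * everything else (PID lookup, threads) untouched so the process keeps running.
 * Pointing prev/next at itself keeps a later unlink of this same object from
 * corrupting the list. */
int dkom_hide(unsigned pid) {
    if (pid >= MAX_PID || !by_pid[pid]) return -1;
    struct proc *p = by_pid[pid];
    p->prev->next = p->next;
    p->next->prev = p->prev;
    p->prev = p->next = p;
    return 0;
}

/* High-level view: what a task manager gets by walking the list. */
int enum_via_list(unsigned *out, int max) {
    int n = 0;
    for (struct proc *p = head.next; p != &head && n < max; p = p->next)
        out[n++] = p->pid;
    return n;
}

/* Low-level view: try every PID, the way a cross-view detector calls
 * OpenProcess() on each possible PID instead of trusting the list. */
int enum_via_pid_table(unsigned *out, int max) {
    int n = 0;
    for (unsigned pid = 1; pid < MAX_PID && n < max; pid++)
        if (by_pid[pid]) out[n++] = pid;
    return n;
}

/* Cross-view diff: a PID alive in the low-level view but absent from the
 * high-level one is the signature of a hidden process. */
int find_hidden(unsigned *hidden, int max) {
    unsigned hi[MAX_PID], lo[MAX_PID];
    int nh = enum_via_list(hi, MAX_PID);
    int nl = enum_via_pid_table(lo, MAX_PID);
    int n = 0;
    for (int i = 0; i < nl && n < max; i++) {
        int seen = 0;
        for (int j = 0; j < nh; j++) if (hi[j] == lo[i]) seen = 1;
        if (!seen) hidden[n++] = lo[i];
    }
    return n;
}

int main(void) {
    /* constructed sample: three processes, the bot gets hidden */
    kernel_init();
    create_proc(4, "System");
    create_proc(7, "explorer.exe");
    create_proc(9, "rbot.exe");
    dkom_hide(9);

    unsigned hidden[MAX_PID];
    int n = find_hidden(hidden, MAX_PID);
    for (int i = 0; i < n; i++)
        printf("hidden pid %u (%s) still alive, absent from task list\n",
               hidden[i], by_pid[hidden[i]]->name);
    return 0;
}
```

The point of the model is the asymmetry: the rootkit only has to unlink one list to vanish from tools that walk that list, but it cannot remove itself from every structure the kernel needs to keep it running, and any detector that compares two independent views sees the gap. That is also why a "stealth" count from a cleanup tool is not a contradiction in terms, as long as the tool looks at more than the API view.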

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I agree with Hoss~ in that "rootkits" are not what one normally associates with Windows; there are other more reliable ways to exploit/infiltrate that OS. Sure, they exist, but they are somewhat "rare"?

    You can use Stealth to refer to something that you've "easily" detected.
    Exactly!..............all you need to do is make it slightly less than obvious/standard, and it is "stealth"?

    I think that just about shares my cynicism with "marketing hype"

    It looks like marketing tied in to a mis-definition situation to me?


  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    if they're Stealth... how is Microsoft finding them.... come on... You can use Stealth to refer to something that you've "easily" detected.
    This is my point. Based on what MS considers a "rootkit" dictates the statistics you're given.

    I give it my turd polishing stamp of approval. This is poop. It's been polished. It's now shiny and pretty poop.


  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    One question...to anyone...

    if Microsoft is saying it is being bombarded with rootkits and the virus writers are using more "sophisticated techniques to hide malicious programs"...how is this good for Microsoft in the way of promotion or marketing...why would they lie about figures that appear to be detrimental to sales???

    I would be less inclined to buy Microsoft knowing it has a high rate of infestation.

    Eg
