New invisible rootkit hits Windows including Vista

“Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code,” Matthew Broersma reports for Techworld. “The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.”

“The rootkit is ‘unique given the techniques it uses,’ Symantec’s Elia Florio wrote in a recent analysis. ‘It can be considered the first-born of the next generation of rootkits.’ Rustock.A uses a mixture of old techniques and new ideas to make it “totally invisible on a compromised computer when installed,” including a beta version of Windows Vista, Florio wrote,” Broersma reports.

“Symantec believes the rootkit originates from Russia, and a string found in the rootkit’s code indicates new versions will probably be forthcoming. Symantec has already logged a variant called Backdoor.Rustock.B,” Broersma reports.

Broersma reports, “F-Secure noted Rustock’s use of NTFS’ Alternate Data Streams (ADS) as one significant example of its advanced behaviour… According to researchers, other factors that help make Rustock invisible are that it has no process, instead running inside the driver and in kernel threads. It doesn’t hook into any native API, and controls kernel functions via special IRP functions. It removes its entries from kernel structures, and the SYS driver is polymorphic, changing its code from sample to sample.”

Full article here.

MacDailyNews Take: Tellingly, Windows Vista’s near-total obscurity does absolutely nothing for its “security.”

Mac OS X, virus-free for over five years and counting.

By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious.Click here to find out more.

Life’s too short. Get a Mac.

Related MacDailyNews articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005

22 Comments

  1. If only anal-ysts would write THIS in their blogs!!! WHY DON’T THEY? Is Microsoft bribing them? Actually, that wouldn’t surprise me….

    MW:
    “It really is coming down to just Apple and Microsoft. If, for some reason, we make some giant mistake and Microsoft wins, my personal feeling is that we are going to enter a sort of computer dark ages for about twenty years.”

    (Adapted from Steve Jobs, February 1985)

  2. The “take” isn’t a bad one. But there is nothing to stop a similar thing from happening to OS X. Complacency can be a killer.

    true… but OS X is, what, 5 going on 6 years old and Vista hasn’t even been released yet. and far as i can tell Apple hasn’t been exactly “complacent”.

    MW: “not”

    “That there Vista sounds like a good deal! Not.

  3. “Complacency can be a killer.”

    Why would anyone assume that complacency exists. Despite the fact that there are no in-the-wild viruses for Macs, I feel pretty confident that Apple is on top of things, and as a Mac user I still am aware that there are things to be concerned about.

    I think about this when entering my password for anything and practice common sense and discretion when doing so.

  4. I don’t think M$ has been complacent the last couple of years, either. It’s just Doze is so kluged up that there really isn’t much that can be done but a total re-write of Doze code, and with the installed base, that isn’t likely to ever happen.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.