“Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code,” Matthew Broersma reports for Techworld. “The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.”
“The rootkit is ‘unique given the techniques it uses,’ Symantec’s Elia Florio wrote in a recent analysis. ‘It can be considered the first-born of the next generation of rootkits.’ Rustock.A uses a mixture of old techniques and new ideas to make it “totally invisible on a compromised computer when installed,” including a beta version of Windows Vista, Florio wrote,” Broersma reports.
“Symantec believes the rootkit originates from Russia, and a string found in the rootkit’s code indicates new versions will probably be forthcoming. Symantec has already logged a variant called Backdoor.Rustock.B,” Broersma reports.
Broersma reports, “F-Secure noted Rustock’s use of NTFS’ Alternate Data Streams (ADS) as one significant example of its advanced behaviour… According to researchers, other factors that help make Rustock invisible are that it has no process, instead running inside the driver and in kernel threads. It doesn’t hook into any native API, and controls kernel functions via special IRP functions. It removes its entries from kernel structures, and the SYS driver is polymorphic, changing its code from sample to sample.”
Full article here.
MacDailyNews Take: Tellingly, Windows Vista’s near-total obscurity does absolutely nothing for its “security.”
Mac OS X, virus-free for over five years and counting.
By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – Click here to find out more.
Life’s too short. Get a Mac.
Related MacDailyNews articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
very good mdn, nice take
What a wonderful future our Windows apologists have to look forward to.
I was wondering when this was going to hit the site. I read about this about a week and a half ago. Nonetheless, this further proves how pathetic the Windows hegemony truly is.
If only anal-ysts would write THIS in their blogs!!! WHY DON’T THEY? Is Microsoft bribing them? Actually, that wouldn’t surprise me….
MW:
“It really is coming down to just Apple and Microsoft. If, for some reason, we make some giant mistake and Microsoft wins, my personal feeling is that we are going to enter a sort of computer dark ages for about twenty years.”
(Adapted from Steve Jobs, February 1985)
time to invest in an office furnature comapny in Redmond…the chairs are going to be flying soon…..
Apple’s stock is starting its elevator ride up, future is looking very good.
Good take, MDN. I thought the exact same thing.
The “take” isn’t a bad one. But there is nothing to stop a similar thing from happening to OS X. Complacency can be a killer.
The “take” isn’t a bad one. But there is nothing to stop a similar thing from happening to OS X. Complacency can be a killer.
true… but OS X is, what, 5 going on 6 years old and Vista hasn’t even been released yet. and far as i can tell Apple hasn’t been exactly “complacent”.
MW: “not”
“That there Vista sounds like a good deal! Not.“
“Complacency can be a killer.”
Why would anyone assume that complacency exists. Despite the fact that there are no in-the-wild viruses for Macs, I feel pretty confident that Apple is on top of things, and as a Mac user I still am aware that there are things to be concerned about.
I think about this when entering my password for anything and practice common sense and discretion when doing so.
I don’t think M$ has been complacent the last couple of years, either. It’s just Doze is so kluged up that there really isn’t much that can be done but a total re-write of Doze code, and with the installed base, that isn’t likely to ever happen.
macromancer: Agree 100%.
jay: EXACTLY. This is what the average pc buyer just doesn’t get, and what the average IT professional won’t fess-up to.
Until Windows goes completely away, MS will never ever be able to really “fix” Windows. They are stuck in a real-world infinite loop.
Hello all.
Interesting comments. I did have just one question.
Just why does Microsoft have to produce a new OS that is backwards compatible??
Is it just Greed? Got to sell to all those old users of MS.??
Is it just stupidity?
Old software for old computers, new software for newer computers. I really hate it that my old bundy blue iMac is not upgradeable and that it really cannot surf the internet anymore cause all the browsers need OS X to run. But–
C’est la vie. I can get a G4 that works fine for pretty cheap now if I need an internet surfer.
Anyway, MS is going to be doomed (IMHO) if they do not seperate their OS into old and new. THe new viruses and malware are going to eat them up. JMHO.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
Later,
N.
Let’s not forget that everything runs on Windows, not Mac OS X, utilities, airlines, financial transactions, bank accounts, etc. I think Apple should help Microsoft with this virus problem, since the daily lives of millions of people depend on computers. And I would suggest the death penalty for virus makers, at least the really destructive ones.
More of the same from Microsoft. The rolling monstrosity of Microsoft, backed by years of economic inertia, has reached the incline of reality in the foothills of a new and better benchmark of technological relevance and promise.
Just why does Microsoft have to produce a new OS that is backwards compatible??
Because Microsoft makes the vast majority of its money selling to large business clients. And these beasts move very slowly. They likely won’t upgrade to Vista until years after it’s (finally) released. Business clients simply aren’t interested in an OS that won’t run their vast libraries of legacy software.
Nevertheless, Microsoft has to cut the cord eventually. How they’re going to pull it off is the huge question.
Look, if Microsoft Vista goes down in flames, don’t think sweaty, towel-boy Ballmer and the Boys won’t try to take Apple OS X down with them. They have the bucks and the motive (if OS X succeeds, and Vista fails) to create a rootkit for Office for Mac, not to mention develop a few Mac viruses, to make it appear that the Mac is vulnerable.
I’d hate to spoil the party but the only reason why this rootkit affected “a Beta version of Vista” is because Vista’s anti-rootkit mechanism isn’t implemented in the 32-bit version.
Read:
http://zdnet.com.au/news/security/soa/Legitimate_rootkits_soften_Vista_security/0,2000061744,39259227,00.htm
The 64-bit version of Vista will not be affected by this rootkit.
> It removes its entries from kernel structures, and the SYS driver is polymorphic, changing its code from sample to sample…
This stuff is starting to sound like science fiction.
> Vista’s anti-rootkit mechanism isn’t implemented in the 32-bit version.
Why not?
Pointy:
Help me out here, are all versions of Vista to be released all 64-bit?
LordRobin: “Nevertheless, Microsoft has to cut the cord eventually. How they’re going to pull it off is the huge question.”
—> I can’t even begin to imagine how they are going to do this either. Although, with the pace of virtualization technology moving forward as it is, I think that this is their only option to keep backward compatibility. They are going to have to write a new OS from the ground up *AND* use virtualization for backward compatibility. The hardware is capable of it now. Meanwhile during the wait, Linux will be making inroads. If MS can come out with a *totally* new OS and have some pretty seemless virtualization tech, they *may* be able to pull it off. IMO that is the only way they can cut the cord at this point.
“Symantec believes the rootkit originates from Russia”
—> Russia? Who would of thunk it?
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
It would be really embarassing for MS if Vista turns out like XP in terms of virus vulnerabilities what with all the talk of superior secureness by of Vista and the delays of the product. Hey, if you think about the security situation in XP its already embarassing enough (its just that we go used to it).
Ken:
>Why not?
No particular reason. There are 3 or so features that are not present in the 32-bit versions of Vista including Kernel Patch Protection (the anti-rootkit feature), memory address randomization to help mitigate code execution exploits, and signed driver requirements for system stability.
None of these features require 64-bit but MS decided to make them 64-bit exclusives. Why? Who knows. Maybe it’s to force people to the 64-bit architecture or maybe MS is getting a cut from Intel and AMD for every 64-bit processor sold =p
Ay Caramba!:
>Help me out here, are all versions of Vista to be released all 64-bit?
Nope, I believe all editions of Vista will come in 32 and 64-bit versions except for Entreprise and Ultimate.
On a side note, the 64-bit version will lose one feature that the 32-bit version has: the 64-bit version of Vista cannot run 16-bit apps, so bye bye DOS apps. This loss in functionality IS due to the 64-bit architecture. The 32-bit version doesn’t have this problem and can run 16-bit apps just like XP can.