Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code.
The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.
The rootkit is “unique given the techniques it uses,” Symantec’s Elia Florio wrote in a recent analysis. “It can be considered the first-born of the next generation of rootkits.”
Rustock.A uses a mixture of old techniques and new ideas to make it “totally invisible on a compromised computer when installed,” including on a beta version of Windows Vista, Florio wrote.

