Author Topic: Stealthy malware expands rootkit repertoire  (Read 2651 times)


Samker

  • SCF Administrator
Stealthy malware expands rootkit repertoire
« on: 30. September 2008., 19:18:31 »


Security researchers have discovered one of the most subtle and sophisticated examples of Windows rootkit software known to date.

The AutoRun-NOX worm extends the standard VXer trick of using software vulnerabilities to infect systems, by including functionality that allows the worm to exploit Windows security bugs to hook into parts of the Windows system that operate below the radar of anti-virus packages.

"Most malware with rootkit functionality will tamper with the Windows kernel and attempt to execute code in kernel mode," net security firm F-Secure reports. "Typically, a special driver is used to do this... AutoRun.nox is different — it uses a vulnerability to do the job. For malware, it's rather unique to see such a technique being used."

The worm uses a long-standing Windows vulnerability, patched by Microsoft in April 2007, involving a GDI privilege elevation flaw. If the attack using the vulnerability fails, the worm falls back to plan B - using the more common (but less elegant) driver method.

A blog posting by F-Secure containing screenshots and a detailed technical run-down of the worm's modus operandi can be found here: http://www.f-secure.com/weblog/archives/00001507.html

News Source: The Register
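The article describes two ways the worm reaches kernel mode: the patched GDI privilege-elevation bug, and the fallback of loading its own driver. The script below is an added triage example (my code, not the article's, The Register's or F-Secure's) that checks a host against both: whether the April 2007 fix is present, and whether any registered kernel driver looks dropped rather than shipped. It assumes Windows PowerShell run elevated on the host under review; the page does not give the bulletin's KB number, so Test-GdiFixInstalled takes it as a parameter, and the driver entries in the sample run are constructed, with exdrv01 a hypothetical name.

```powershell
# Added triage script, not from the article or F-Secure. Assumptions: you supply the
# KB number of the April 2007 GDI elevation-of-privilege fix (the post does not name it);
# the sample driver entries at the bottom are constructed. Run elevated on Windows.

function ConvertTo-Win32Path {
    param([string]$ImagePath)
    # Kernel-service ImagePath values use NT-style prefixes; normalise them to Win32 paths.
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                             # \??\C:\x.sys  -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')  # \SystemRoot\x -> C:\Windows\x
    if ($p -match '^System32\\') { $p = "$env:SystemRoot\$p" }   # relative to %SystemRoot%
    return $p
}

function Test-DriverImage {
    param([string]$Name, [string]$ImagePath)
    # Returns one object per driver listing the reasons it deserves a closer look.
    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return [pscustomobject]@{ Name = $Name; Path = ''; Reasons = @('no image path recorded') }
    }
    $path  = ConvertTo-Win32Path $ImagePath
    $sys32 = "$env:SystemRoot\System32\"
    if (-not $path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        $reasons += 'image outside System32'
    }
    if ($path -match '\\(Temp|Users|ProgramData)\\') { $reasons += 'image in a user-writable location' }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Drop, load, then delete the file is a common way a driver-based rootkit hides its image.
        $reasons += 'image missing on disk'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status $($sig.Status)" }
    }
    [pscustomobject]@{ Name = $Name; Path = $path; Reasons = $reasons }
}

function Get-KernelDriverFindings {
    # Walks every registered kernel driver (service Type 1), not only the loaded set, so a
    # driver that loaded and then hid itself still leaves a registry record to examine.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath
        if ($svc.Type -eq 1) { Test-DriverImage -Name $_.PSChildName -ImagePath $svc.ImagePath }
    } | Where-Object { $_.Reasons.Count -gt 0 }
}

function Test-GdiFixInstalled {
    # $KbId is the KB number from Microsoft's April 2007 bulletin for the GDI fix (look it up;
    # it is deliberately not hard-coded here). Returns $true when the hotfix is recorded.
    param([Parameter(Mandatory)][string]$KbId)
    $null -ne (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

# Constructed sample run (not real findings): a normal driver and a hypothetical dropped one.
$sample = @(
    @{ Name = 'ACPI';    ImagePath = 'System32\drivers\ACPI.sys' },
    @{ Name = 'exdrv01'; ImagePath = '\??\C:\Users\Public\exdrv01.sys' }
)
$sample | ForEach-Object { Test-DriverImage -Name $_.Name -ImagePath $_.ImagePath } |
    Format-Table Name, Path, @{ n = 'Reasons'; e = { $_.Reasons -join '; ' } }

# Live run on the host under review (elevated):
#   Test-GdiFixInstalled -KbId '<KB number of the April 2007 GDI fix>'
#   Get-KernelDriverFindings | Format-Table Name, Path, @{ n = 'Reasons'; e = { $_.Reasons -join '; ' } }
```

Read the two results together. A host with the GDI fix missing is exposed to the worm's primary route, which as the article notes needs no driver at all, so an empty list from Get-KernelDriverFindings does not clear such a host; the driver check only covers the "plan B" path. Drivers signed via a catalog rather than an embedded signature still report Valid from Get-AuthenticodeSignature on current Windows, so a non-Valid status on a System32 driver is worth following up rather than dismissing.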
