[ISN] Hunt for the elusive rootkit 'Rustock.C' revealed

From: InfoSec News <alerts_at_infosecnews.org>
Date: Wed 16 Jul 2008 - 03:11:25 CDT
http://www.networkworld.com/news/2008/071508-rustock-rootkit.html

By Ellen Messmer
Network World 
07/15/2008 

Rootkits are software code designed to hide from detection. So Kaspersky 
Lab's hunt for the elusive Rustock.C rootkit, rumored to exist for 
almost two years, reads like a detective plot.

Alexander Gostev, Kaspersky Lab's senior virus analyst, tells the tale 
in his blog post Tuesday on Viruslist. According to Gostev, the Russian 
security firm Dr. Web announced in early May that its experts had obtained a 
sample of Rustock.C in March, but the sample it shared with the rest of 
the antivirus community lacked a 'dropper', the file designed to install 
the rootkit on the system.

"The sample of the rootkit's body distributed by Dr. Web was a 
244,448-byte Windows driver," Gostev writes in his blog "Rustock and All 
That".

If the dropper had been provided, "this file could have significantly 
simplified the work carried out by other antivirus laboratories to 
analyze the rootkit and develop procedures to detect and treat 
Rustock.C. It might also have helped to clarify how the rootkit had 
originally spread."

[...]