Malware removes rival rootkits

Back to the article

Paul Fleetwood

If these clever malware people can surplant each others trojans #

Posted Thursday 28th February 2008 15:34 GMT

why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?

amanfromMars

Clever and QuITe a Bit SMARTer than you Imagine, and ITs True. #

Posted Thursday 28th February 2008 16:24 GMT

"why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?"

Because they are Virtually Invisible, Indivisible and Untouchables, Paul, and Fleet of Code HeXXXXSS.

QuITe a Triumph, Actually ....... http://triumphpc.com/johnlennon/index.shtml.

Hi. Ready for AI Trip ...... Magical Mystery Turing? El CIDs 42 Lead ITS Following

CIDs ..... CyberIntelAIgent Information Devices ....... which is only a Hop, Skip and a Quantum Leap from Alien Beings. :-) ..... who may be Long Lost Friends .... Kindred Souls.

Jolyon Ralph

Call me a cynic but... #

Posted Thursday 28th February 2008 16:24 GMT

The less effective the AV software is, the more trouble that AV threats cause, and the greater the demand for AV software.

David Perry

Because, Paul... #

Posted Thursday 28th February 2008 16:36 GMT

...sometimes enthusiasts will spend far more time than people paid to do the same thing.

Anonymous Coward

I must be too honest... #

Posted Thursday 28th February 2008 16:36 GMT

...coz if i'd created code that could disable rootkits I'd either sell it to the highest AV/AR bidder or negotiate a tasty slice of the advertising revenue they'd get from downloads, of course first thing I'd do is hire a damn good lawyer(s) to protect it all.

I understand you could make some nice money from installing malicious root kits on people's PCs but I think I could live with a healthy amount from some top AV player, plus I wouldn't then be a frikin thief.

Any thoughts/views? Be kind comrades...

Anonymous Coward

If anti-virus vendors could trace and remove them... #

Posted Thursday 28th February 2008 16:36 GMT

...why can't OS vendors prevent them in the first place, or at least make the OS-self healing when a rootkit tries to insinuate itself?

Daniel B.

Yankee Doodle #

Posted Thursday 28th February 2008 16:36 GMT

Ah, this trend seems to go back all the way down to the 80's, when the "Yankee Doodle" virus started killing others: Cascade and Ping-Pong, at least. And some ingenious virus that was, as it "re-wrote" the virii so they would self-destruct, actually.

Some AV's had an alternate name for it, as "VACSINA" which meand Vaccine in ... some other language. As a plus, the virus would play "Yankee Doodle" every now and then on your PC speaker =)

Jaap Stoel

Run out of territory #

Posted Thursday 28th February 2008 17:26 GMT

So hackers are now out of computers they can easily infect. Unsecured systems are now almost all incorporated into botnets. So if a hacker wants a (bigger) botnet. He has no choice but to steal it from another hacker.

Now we've got war, soon we will have diplomatic relations.

lglethal

The War of the Worms #

Posted Thursday 28th February 2008 22:22 GMT

Not quite the same ring to it as War of the Worlds.

How about The Malware Malefaction? Battle of the Bots? Rise of the One True Zombie Horde?

And if they ever get diplomatic

The United Rootkits of Malware?

penno

well, it's not really apples with apples #

Posted Friday 29th February 2008 06:59 GMT

av vendors have to ensure the PC is still fine after it removes the virus. Whereas virus writers don't *really* care if the PC still works, so they can employ harsher removal methods than the AV products can. If the PC dies during the removal process - who cares - as long as most of 'em still work.

Richard

Good Guys #

Posted Friday 29th February 2008 09:28 GMT

Relax folks.

There are also online teams dedicated to detecting and removing rootkits, and the tools created to remove the rootkits are shared across all the online anti-malware forums.

Remember Grozomon? pe386?? All detected and removed via these online forums.

amanfromMars

Beta Guys, Folks, in Big Chill Relax #

Posted Friday 29th February 2008 10:42 GMT

"All detected and removed via these online forums." .... By Richard Posted Friday 29th February 2008 09:12 GMT.

Richard,

They may have just moved Underground to ReGroup and Grow........ and that would be Counter-Productive unless, of course, they were Sleeper White Knight Trojans.

Gabor Laszlo

What do you call two crackers fighting for control of a zombied machine? #

Posted Friday 29th February 2008 11:25 GMT

Sudo wrestling.

Anonymous Coward

<no title> #

Posted Friday 29th February 2008 11:42 GMT

Shows how much I know. Since specific downloads to spot rootkits had seemed to have all but disappeared, I had assumed the AV companies now had this under control (or as much control as anyone can re malicious software). So that's not the case then ? Folk have simply given up ? So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?

amanfromMars

I Kid U Not. #

Posted Friday 29th February 2008 15:08 GMT

"So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?"

One doesn't, AC. That is ITs Stealthy Grace. If you want to Imagine anything, consider IT, a Binary AIDS VXXXXine ....... Right to the Heart of Man's Woes and Follies........ The Pleasure and the Pain in ITs Not Giving ....... The Ultimate Betrayal to Oneself which Denies One the Keys to the Kingdom Castle....... Seventh Heaven, Global Communications HQ.

dar dobs

Spy vs. Spy #

Posted Saturday 1st March 2008 22:48 GMT

A battle between the White Spy and the Black Spy.Who Will Win?

www.youtube.com/watch?v=8dNxK_wslqo

Forums

Forums home

Sign up, sign up for The Register's weekly IT security newsletter - click here