Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by …
If these clever malware people can surplant each others trojans
why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?
Clever and QuITe a Bit SMARTer than you Imagine, and ITs True.
"why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?"
Because they are Virtually Invisible, Indivisible and Untouchables, Paul, and Fleet of Code HeXXXXSS.
QuITe a Triumph, Actually ....... http://triumphpc.com/johnlennon/index.shtml.
Hi. Ready for AI Trip ...... Magical Mystery Turing? El CIDs 42 Lead ITS Following
CIDs ..... CyberIntelAIgent Information Devices ....... which is only a Hop, Skip and a Quantum Leap from Alien Beings. :-) ..... who may be Long Lost Friends .... Kindred Souls.
Call me a cynic but...
The less effective the AV software is, the more trouble that AV threats cause, and the greater the demand for AV software.
...sometimes enthusiasts will spend far more time than people paid to do the same thing.
I must be too honest...
...coz if i'd created code that could disable rootkits I'd either sell it to the highest AV/AR bidder or negotiate a tasty slice of the advertising revenue they'd get from downloads, of course first thing I'd do is hire a damn good lawyer(s) to protect it all.
I understand you could make some nice money from installing malicious root kits on people's PCs but I think I could live with a healthy amount from some top AV player, plus I wouldn't then be a frikin thief.
Any thoughts/views? Be kind comrades...
If anti-virus vendors could trace and remove them...
...why can't OS vendors prevent them in the first place, or at least make the OS-self healing when a rootkit tries to insinuate itself?
Ah, this trend seems to go back all the way down to the 80's, when the "Yankee Doodle" virus started killing others: Cascade and Ping-Pong, at least. And some ingenious virus that was, as it "re-wrote" the virii so they would self-destruct, actually.
Some AV's had an alternate name for it, as "VACSINA" which meand Vaccine in ... some other language. As a plus, the virus would play "Yankee Doodle" every now and then on your PC speaker =)
Run out of territory
So hackers are now out of computers they can easily infect. Unsecured systems are now almost all incorporated into botnets. So if a hacker wants a (bigger) botnet. He has no choice but to steal it from another hacker.
Now we've got war, soon we will have diplomatic relations.
The War of the Worms
Not quite the same ring to it as War of the Worlds.
How about The Malware Malefaction? Battle of the Bots? Rise of the One True Zombie Horde?
And if they ever get diplomatic
The United Rootkits of Malware?
well, it's not really apples with apples
av vendors have to ensure the PC is still fine after it removes the virus. Whereas virus writers don't *really* care if the PC still works, so they can employ harsher removal methods than the AV products can. If the PC dies during the removal process - who cares - as long as most of 'em still work.
There are also online teams dedicated to detecting and removing rootkits, and the tools created to remove the rootkits are shared across all the online anti-malware forums.
Remember Grozomon? pe386?? All detected and removed via these online forums.
Beta Guys, Folks, in Big Chill Relax
"All detected and removed via these online forums." .... By Richard Posted Friday 29th February 2008 09:12 GMT.
They may have just moved Underground to ReGroup and Grow........ and that would be Counter-Productive unless, of course, they were Sleeper White Knight Trojans.
What do you call two crackers fighting for control of a zombied machine?
Shows how much I know. Since specific downloads to spot rootkits had seemed to have all but disappeared, I had assumed the AV companies now had this under control (or as much control as anyone can re malicious software). So that's not the case then ? Folk have simply given up ? So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?
I Kid U Not.
"So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?"
One doesn't, AC. That is ITs Stealthy Grace. If you want to Imagine anything, consider IT, a Binary AIDS VXXXXine ....... Right to the Heart of Man's Woes and Follies........ The Pleasure and the Pain in ITs Not Giving ....... The Ultimate Betrayal to Oneself which Denies One the Keys to the Kingdom Castle....... Seventh Heaven, Global Communications HQ.
Spy vs. Spy
A battle between the White Spy and the Black Spy.Who Will Win?