Feeds

back to article Rootkit unearthed in network security software

Researchers have unearthed rootkit-like functionality in an enterprise security product. Network security software from a Chinese developer includes processes deliberately hidden from a user and, even worse, a hidden directory, Trend Micro reports. Files in the hidden directory could exist below the radar of antivirus scanners, …

COMMENTS

This topic is closed for new posts.
Linux

Your AV scanner sucks.

"Files in the hidden directory could exist below the radar of antivirus scanners"

If the above is true you really REALLY need a new AV tool.

Or just switch to Linux.

0
0
Jobs Halo

This is exactly .....

what I predicted on the Register few weeks ago. I saw the article in Sunday Times about the

chip and pin machines in Supermarkets that had a Chip installed on them by the Chinese mafia that sent all details of credit cards to a phone number in Pakistan. I suggested then that there

are likely many many more of these root kits on hard drives produced in China and Far East

than we care to believe. I think that there is a major issue here and the S**** will eventually hit the fan.

0
0

Hidden folder?

Wouldn't "dir /a:h" handle that?

0
0
Coat

re KarlTh

Nah... but "rm -rf /" if entered in the terminal of a *nix system with read-write to that volume surely will.

it's the one with "No Monkeyboys Allowed" on the back, thanks.

0
0

you are belong to us

shocked? yes.

surprised? no.

0
0
jon
Alert

kernel not meta flags

the 'hidden' directories are actually hidden at the kernel level, not with the hidden filesystem flag. It requires running linux to spot these directories as they as all masked within MS's products. A quick google shows it's a special name like \System32\$sys$filesystem

0
0
Pirate

@kernel not meta flags

why would Microsoft let that be possible ?

make you wonder about that nsakey thing a few years ago.

Should have a black helo icon lol

0
0
Anonymous Coward

Who do you trust?

Wait until they start embeding the backdoors into CPU microcode, and locking it with encryption that varies per CPU.

0
0

why do i feel uneasy when reading

Chinese security Software .... brrr . chills crawl over my spine...

0
0

I thought...

...they probably were - once you've got your own code running in the kernel you can make the OS hide anything. But "hidden directory" has a specific meaning within a Windowsbox, so it's a tad misleading. Just wanted to clarify.

What if you slave the drive off another system? Will the unrootkitted OS see it? I'm trying to get an angle on what's being done here.

0
0
Flame

Just to remind everybody...

...that it seems the prerequisite for this rootkit is another piece of malware called "Windows." (definition of malware: software which keeps you from using your computer the way you want to)

0
0
Alien

The Broodwich?

"BRUDEVIC" -> The Broodwich?

The alien... to honor the mooninites.

0
0
Boffin

Linux (f)lameboys

Why is a rootkit called a rootkit?

Because it first appeared on UNIX style systems (the "root" part of rootkit..... geddit?).

Not only is Linux/UNIX very vulnerable to this sort of malware, it started there, as KarlTh hints at, the only sure-fire way of detecting one is to mount the hard drive on a system that wasn't booted from it.

I fixed a Linux PC about four months ago that got rooted, it was built specifically (Ubuntu/Open Office) for a novice use and was assured to be 'invulnrable' from viruses (meaning malware), but oddly enough was turned into a spam relay that didn't have any mail relaying processes listed during a ps listing, nor anything in the startup, the files were invisible until you booted off a (in this case) USB Linux boot disk.

There are thousands of pieces of malware (virus/trojan/worm) for Linux/UNIX, if it ever became popular for the home market, which it isn't, then it will be targeted more agressively, more importantly if a single flavour (Ubuntu?) became more popular (like OSX) then then a common set of predictable interfaces (like Win32 has) would mean easier spread.

0
0
Silver badge
Linux

Rootkit on the Buntu (Mike)

"it was built specifically (Ubuntu/Open Office) for a novice use and was assured to be 'invulnrable' from viruses (meaning malware), but oddly enough was turned into a spam relay that didn't have any mail relaying processes listed during a ps listing, nor anything in the startup, the files were invisible until you booted off a (in this case) USB Linux boot disk."

That my dear sir means there has been some incredibly sloppy sysadmining going on...

And it smells suspiciously like lame (at best, so-so) problem fixing, too.

Not that Linux (or any OS, for that matter) is immune to that kind of things, but I wouldn't write "very vulnerable" either.

0
0
This topic is closed for new posts.