New Rootkit hides itself from common Anti-Virus Programs
It seems there is yet another round in the catch-and-run that is the rootkit/virus/malware story. This latest rootkit seems to work on all x86 Windows operating systems that use NTFS. Yes, even Windows Vista…
This is what an anonymous reader of /. had to report on the event:
“The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in an ADS (NTFS alternate data stream) which isn’t seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs.”
I support, and am glad, that Microsoft made Windows Vista a bit more secure, but what’s the point of blocking all the doors when there’s nothing to stop malware once it’s installed?
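To illustrate the point in the quoted report that an alternate data stream does not show up in normal file enumeration, here is an added PowerShell example (not part of the original post or the cited analyses) that compares an ordinary directory listing with a stream-aware scan. The function name `Find-AlternateStream`, the scratch directory and the sample file are assumptions made for this illustration. It finds ordinary streams only: according to the report, Rustock also blocks ADS-aware tools, so a clean result from the running system does not prove a stream is absent.

```powershell
# Added example (not from the original post). Requires Windows, NTFS, PowerShell 3.0+.
# Stream names treated as expected: the default data stream and the
# mark-of-the-web stream attached to downloaded files.
$ExpectedStreams = @(':$DATA', 'Zone.Identifier')

# Hypothetical helper: list every unexpected stream on files under $Path.
function Find-AlternateStream {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Files only: streams attached to directories are not examined here.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $ExpectedStreams -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
}

# Constructed sample: a scratch directory with one file carrying an extra stream.
$demo = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$file = Join-Path $demo 'note.txt'
Set-Content -LiteralPath $file -Value 'visible content'
Set-Content -LiteralPath $file -Stream 'extra' -Value 'data in an alternate stream'

# Ordinary directory listing of the scratch directory.
Get-ChildItem -LiteralPath $demo | Select-Object Name, Length

# Stream-aware scan of the same directory.
Find-AlternateStream -Path $demo

# Remove the constructed sample.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Because the scan relies on the running system's own file APIs, results are more trustworthy when the volume is examined offline, for example from a separate boot environment.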