






From: InfoSec News <alerts_at_private>
Date: Wed, 16 Jul 2008 03:11:25 -0500 (CDT)






http://www.networkworld.com/news/2008/071508-rustock-rootkit.html



By Ellen Messmer
Network World
07/15/2008



Rootkits are software code designed to hide from detection. So Kaspersky
Lab's hunt for the elusive Rustock.C rootkit, rumored to exist for
almost two years, reads like a detective plot.



Alexander Gostev, Kaspersky Lab's senior virus analyst, tells the tale
in his blog Tuesday on Viruslist. According to Gostev, the Russian
security firm Dr. Web in early May announced its experts had obtained a
sample of Rustock.C in March but the sample it shared with the rest of
the antivirus community lacked a 'dropper', the file designed to install
the rootkit on the system.



"The sample of the rootkit's body distributed by Dr. Web was a
244,448-byte Windows driver," Gostev writes in his blog "Rustock and All
That".



If the dropper had been provided, "this file could have significantly
simplified the work carried out by other antivirus laboratories to
analyze the rootkit and develop procedures to detect and treat
Rustock.C. It might also have helped to clarify how the rootkit had
originally spread."



[...]





_______________________________________________

Attend Black Hat USA, August 2-7 in Las Vegas,

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.

Visit product displays by 30 top sponsors in

a relaxed setting. http://www.blackhat.com



Received on Wed Jul 16 2008 - 01:11:25 PDT




