As usual a new threat has sprung out of nowhere and got a lot of folks spooked.
http://www.cio.com/blog_view.html?CID=23011
Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code.
The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.
The rootkit is "unique given the techniques it uses," Symantec’s Elia Florio wrote in a recent analysis. "It can be considered the first-born of the next generation of rootkits."
Rustock.A uses a mixture of old techniques and new ideas to make it "totally invisible on a compromised computer when installed," including a beta version of Windows Vista, Florio wrote.
Symantec believes the rootkit originates from Russia, and a string found in the rootkit’s code indicates new versions will probably be forthcoming. Symantec has already logged a variant called Backdoor.Rustock.B.
F-Secure noted Rustock’s use of NTFS’ Alternate Data Streams (ADS) as one significant example of its advanced behavior.
As usual, the fact of the matter is that to get this beast on your system you have to download something to install it. I suspect this is a storm in a teacup, and the AV companies will find a weakness in it soon enough to make it identifiable; after all, nothing can hide forever, especially given the wide variety of software conflicts that may well prove to be this beast's undoing.
Remember to keep those Anti Virus progs up to date.