Microsoft warned of a new generation of spyware that is almost impossible to detect


Status
Not open for further replies.

FIR

New Member
Jan 3, 2005
82
0
0
#1
Kernel Rootkits could be the next bad thing

By Nick Farrell: Friday 18 February 2005, 08:25
A HITHERTO OBSCURE security expert and software colossus, based in Redmond and called Microsoft, has warned of a new generation of spyware that is almost impossible to detect.

According to Computerworld, Volish experts told the RSA security conference that system monitoring programs, or "kernel rootkits", are undergoing a transformation at the moment.

Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group, said that the malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

Rootkits run quietly in the background and can be spotted by looking for memory processes that are running on the infected system.

However, kernel rootkits, which modify the kernel, or core request processing, component of an operating system, are becoming more common, Vole says.

Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools, says Danseglio.

Microsoft researchers have developed a tool, named "Strider Ghostbuster", that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences.

However, the paper admits that the only way to be sure that you have killed a kernel rootkit is to completely erase an infected hard drive and reinstall the operating system from scratch.

 

jsbn

Senior Member
Jul 24, 2002
2,944
0
0
Planet Eropagnis
#2
Da whole OS is an undetectable spyware by itself.... Still need wad 'Kernel Rootkit'? :bsmilie:
 

CYRN

Senior Member
Nov 14, 2002
4,575
0
36
photoevangel.com
#3
jsbn said:
Da whole OS is an undetectable spyware by itself.... Still need wad 'Kernel Rootkit'? :bsmilie:
:bsmilie: :bsmilie: :sweat: :sweat:
 

Lenscapes

New Member
Apr 28, 2004
942
0
0
#6
could the warning be because of this >>>

>>Microsoft has bought two antivirus companies and an anti-spyware company--the latter acquisition has already produced an anti-spyware application for Windows--since Chairman Bill Gates launched the Trustworthy Computing Initiative. That effort changed the company's coding practices to make security developers' first priority. <<<

instil fear and make more moolah. :)
 
