A new Trojan program has emerged with such clever evasion tactics that many security experts are calling it “a new chapter” in the fight against malware.
Named Rustock (according to Symantec) or Mailbot.AZ (according to F-Secure), this Trojan employs sophisticated rootkit techniques to evade current security scanning technologies.
(Image) Source: CNET
“This can be considered the first representative of a new generation of rootkits”, commented Elia Florio, an expert from Symantec. “Rustock.A is a clever combination of old techniques with new ideas – allowing it to comfortably remain outside the detection capabilities of many rootkit detection software”.
Rootkits are now seen as a new, unpredictable threat. They are used to conceal malicious software at the behest of hackers.
In the case of Rustock/Mailbot.AZ, rootkit technology has been employed to disguise a Trojan. This Trojan opens a backdoor on the infected computer, facilitating attacks and breaches by hackers.
In the relentless race against security companies, it seems that the authors of Rustock have thoroughly studied the operational structures of rootkit removal tools.
“Security firms are always trying to stay ahead of the bad guys, but the bad guys have access to their products. They can dissect and discover the weaknesses of those products, combining them with sophisticated techniques to strengthen their own rootkits”, stated Craig Schmugar, vice president of virus research at McAfee.
By employing multiple cloaking methods simultaneously, Rustock is virtually “invisible” within infected systems, even on computers running trial versions of Windows Vista.
To avoid detection, Rustock does not run any process of its own. Instead, its code executes inside a kernel-mode driver and kernel threads.
Furthermore, Rustock also avoids using hidden files, so the API-based checks that rootkit scanners perform do not reveal it. Hidden processes and hidden files are precisely the indicators that rootkit scanning tools rely on during detection.
However, the likelihood of users being attacked by this rootkit and Trojan is relatively low. Nevertheless, the security community remains abuzz, as it represents a looming threat on the horizon.
Thien Yi