Symantec Blogs: Security Response

Mimi Hoang | December 14th, 2006

Rustock, also known as “Spambot”, is a family of back door programs with advanced user-mode and kernel-mode rootkit capabilities. Rustock has been in constant development since around November 2005. It is a tough threat to combat because it combines multiple evasion techniques to remain undetected by commonly used rootkit detectors such as Rootkit Revealer, IceSword, and BlackLight.

To start with, Rustock is downloaded from remote Web sites that host Web browser exploits and is then installed on unpatched computers. Alongside the Rustock threat itself, a downloader also fetches other malicious code and even a misleading application, Spy Sheriff.

The second version of Rustock, named Rustock.B, employs even more sophisticated techniques than its predecessor – the original Rustock.A. Its advanced rootkit...

Mimi Hoang | November 23rd, 2006

We have recently seen an increase in the number of zero-day exploits, which indicates that attackers are being more methodical in their discovery and use of software vulnerabilities. A zero-day exploit occurs when a software flaw is only discovered after it is already being exploited in the wild (and there isn’t a patch available from the vendor).

The “window of exposure” is the period during which users of vulnerable software are at risk. It is calculated as the difference in time between when a vulnerability is exploited and when a patch is made available. The average window of exposure for the first six months of 2006 was 28 days – a dangerously large window in which systems and users are at risk: average time to develop a patch (31 days) – time to develop exploit code (3 days) = window of exposure (28 days).
While vendors continue to make strides and reduce the amount of time it takes to release a patch, attackers seem to be staying one...

Mimi Hoang | November 2nd, 2006

Rootkits are on the rise! We define a rootkit as a component that uses stealth to maintain an undetectable presence on a computer. Above and beyond that, the actions performed by a rootkit are done without end-user consent or knowledge.

Open source offers ready-to-use rootkit applications that are widely available to anybody using the Internet. Even an inexperienced rookie can use a rootkit without having to understand how it works. Hi-tech criminals are money hungry and want to hide their actions and presence on any system they get onto. Rootkits are perfect for helping them commit fraud and identity theft by granting the attackers unauthorized access to privileged and proprietary information, and by launching and hiding other malicious applications on the system. Above all, a rootkit leaves the hi-tech criminal with a back door through which they can continue to harm the victimized machine. As well, a large proportion of spyware and adware programs that use...