Symantec Blogs: Security Response

Orla Cox | January 7th, 2008

In these “Stormy” times, here at Symantec we regularly warn users to be wary of following links in unsolicited email. Could it be considered a coincidence then that I received the following gem directly to my work email:



Was this a clever use of reverse psychology by phishers or malware authors? Or, had I really received an unsolicited (and unsigned) email from the author of a couple of recent whitepapers on "footprinting" and social engineering, asking me to click on a link?

It turns out it was the latter. Thankfully the link wasn’t malicious (the lack of misspellings in the mail was one of few clues!), but some people need to start practicing what they’re...

Orla Cox | April 29th, 2007

Commercial rootkits were first brought to the public's attention with the infamous Sony DRM case. This was followed a few months later by a rootkit component included on some KinoWelt DVDs. This rootkit was part of the Alpha-DVD content-protection software, produced by the Korean company Settec. Discussion surrounding commercial rootkits has died down somewhat since then; however, this doesn't mean that they've gone away.

Recently we added detection for a rootkit which is installed by the Korean online shopping site Cashmoa. In order to log onto the site, the user is required to install a software package. This package includes a driver called cmdriver.sys. The driver behaves like a rootkit by hiding processes which use a particular name. The...