12/6/2005

Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes

By Aviran Mordo @ 11:31 am

More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems consists of stealth rootkits, according to a senior official in Microsoft Corp.’s security unit.

Jason Garms, architect and group program manager in Microsoft’s Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm-zapping utility.

“I can tell you that FU is the fifth most removed piece of malware. We’re finding the FU rootkit in many different versions of Rbot,” Garms said, referring to the IRC-controlled backdoor used to illegally infect Windows PCs with spyware.

In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel-mode rootkits features in the top-five list every month.

WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

“Hacker Defender,” another rootkit program that is available for sale on the Internet, has also been detected and deleted regularly.

Source: eWeek

 
