Unreal Playground  


News Radio All the news that Radio sees fit to print!!!

11-18-2010, 03:42 PM   #1
radio667
I R Happy Goat
 

Whitehat cracks notorious rootkit wide open

from theregister.co.uk ........... ZeroAccess no more

A malware analyst has deconstructed a highly advanced piece of crimeware believed to be the work of the notorious Russian Business Network.

The step-by-step instructions for reverse engineering the stealthy ZeroAccess rootkit are a blow to its developers, who took great care to make sure it couldn't be forensically analyzed. The tutorial means other malware researchers may also study the malware to close in on the people behind it and to better design products that can safeguard against it.

The analysis was written by Giuseppe Bonfa, a malware researcher specializing in reverse engineering at InfoSec Institute, an information security services company. It documents a rootkit that's almost impossible to remove without damaging the host operating system and uses low-level programming calls to create hard disk volumes that are virtually impossible to detect using normal forensic techniques. Sophos's description of the rootkit, which is also known as Smiscer, is here.

“This document shows the inner workings of a recent rootkit which has very advanced technologies,” Pierre-Marc Bureau, a researcher with antivirus provider Eset, wrote in an email. “This teaches a lot in terms of rootkit technologies, how these malware are operated (pay per download in this case), how they are installed on a system, and how they can be detected.”

According to Bonfa, malicious URLs unearthed from the disassembled rootkit use IP addresses associated with the Russian Business Network. ZeroAccess is currently being used as a platform for installing fake antivirus software, but it could obviously be used to force install any software of the author's bidding.
__________________


"There is also a river called Helikon [in Pieria]. (...) But, they go on to say, the women who killed Orpheus wished to wash off in it the blood-stains, and thereat the River sank underground, so as not to lend its waters to cleanse manslaughter."

—Pausanias, Description of Greece 9. 30. 8
All times are GMT -5.

