By Ellen Messmer
Rootkits are software code designed to hide from detection. So Kaspersky
Lab's hunt for the elusive Rustock.C rootkit, rumored to exist for
almost two years, reads like a detective plot.
Alexander Gostev, Kaspersky Lab's senior virus analyst, tells the tale
in his blog Tuesday on Viruslist. According to Gostev, the Russian
security firm Dr. Web in early May announced its experts had obtained a
sample of Rustock.C in March but the sample it shared with the rest of
the antivirus community lacked a 'dropper', the file designed to install
the rootkit on the system.
"The sample of the rootkit's body distributed by Dr. Web was a
244,448-byte Windows driver," Gostev writes in his blog "Rustock and All
If the dropper had been provided, "this file could have significantly
simplified the work carried out by other antivirus laboratories to
analyze the rootkit and develop procedures to detect and treat
Rustock.C. It might also have helped to clarify how the rootkit had
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com