
Tuesday, July 18, 2006 

Get Ready For The New Nasty Round of Rootkits


I came across this article while reviewing some Digg posts. In a nutshell, it looks like some Russians have come up with a way to make their malware even better at avoiding detection than the normal run-of-the-mill rootkits. This new one, called Rustock, is polymorphic, scans for installed rootkit detectors, and changes its behavior accordingly. F-Secure has apparently developed a tool called BlackLight to detect this.

Another scanner worthy of mention here is RootkitRevealer by Sysinternals. Sysinternals provides an awesome site with a bunch of free tools for all you Windows sysadmins. I highly recommend checking it out. FYI, these tools were developed by the guy (Mark Russinovich) who discovered Sony's rootkit. Here is Mark's blog post that started all of the hubbub.

Anyway, the battle between the white hats and the black hats continues...