
    Spyware Writers Play Cat-and-Mouse with Rootkit Detectors

    Written by

    Ryan Naraine
    Published March 21, 2005

      Security researchers have detected the first sign of a cat-and-mouse game between spyware writers and vendors touting new Windows rootkit detection technologies.

      Just weeks after Finnish anti-virus specialist F-Secure Corp. launched a free beta of its new BlackLight Rootkit Elimination Technology, the company admitted that spyware writers were using a known trick to successfully avoid detection.

      “This trick depends on identifying [the] BlackLight process and not hiding from it at all,” F-Secure said in an advisory.

      According to the advisory, the spyware manufacturer that released the Trojan even included a taunt in a marketing message that the Trojan was “Hidden from by F-Secure BlackLight Rootkit Elimination Technology.”

      The company immediately recommended a workaround, urging beta testers to rename the "fsbl.exe" file to something that doesn't contain "fsbl" anywhere in its path.

      “This is a good thing to do with any rootkit scanner,” F-Secure said, adding that any beta tester using the BlackLight technology should rename the binary into something random before running it.


      Robert Hensing, an incident response specialist for Microsoft Corp., confirmed that malicious hackers using a very popular rootkit program were defeating the detection technologies.

      Hensing, who declined an eWEEK.com request for comment, posted a detailed summary of the problem on his Weblog, warning that the freely available RootkitRevealer program released by Sysinternals Freeware was being tricked by HackerDefender, one of the more notorious rootkit programs.


      According to definitions posted by Computer Associates, Hacker Defender is a Trojan creation tool that can also be used to wrap existing Trojans to make them harder to detect.

      “We've started to get cases where RootkitRevealer, having been downloaded by the customer, is not detecting any hidden files, folders [and] registry entries on the customer's machine; yet our own rootkit tools we supply with our IR toolkit come back with hidden files, folders etc.,” Hensing said.

      Noting that the Sysinternals RootkitRevealer works very similarly to Microsoft's own Strider GhostBuster rootkit detection prototype, Hensing said the discrepancies between the two programs' scans came down to the way the rootkit was avoiding detection: it hides nothing from a process it recognizes as a scanner, so a scanner that compares the API view of the system with the raw on-disk view finds no difference to report.

      “We decided to investigate and collected some specimens, and it turns out that RootkitRevealer is rather easy to defeat if you're using the Hacker Defender rootkit,” Hensing said, providing a detailed explanation of the malicious end-around.

      Hensing said the Hacker Defender rootkit is “by far the most popular in the wild rootkit with the biggest installed user base,” and warned that the latest signs point to something bigger than a cat-and-mouse game.


      “This is just another great example of the arms race we are locked in with the miscreants. Some call it a cat-and-mouse game, but that's far too innocent; I personally am at war with the miscreants, and this is my arms race,” Hensing said.

      He encouraged users to download and run the RootkitRevealer tool, but urged that the .exe be renamed to something unique before it is run. The new file name, he said, should be long and random so that the rootkit cannot match it against a list of known scanner names.

      “You'll have much better success [with a renamed file] until the miscreants counter this move and fire back with something more technically advanced,” Hensing added.
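The evasion F-Secure and Hensing describe, and the rename workaround both recommend, can be modelled in a few lines. The following is an added example written for this page, not code from F-Secure, Sysinternals or the article's author: it simulates a hooked directory-listing API that strips the rootkit's files from results unless the calling process's image path contains a known scanner token (the same idea as matching "fsbl" in the path), a cross-view scanner that diffs the raw on-disk listing against the API listing, and a helper that stages the scanner under a long random name. The file names, the `hxdef` prefix used for the hidden files, and the token list are constructed for illustration.

```python
"""Model of process-name-based rootkit evasion and the rename workaround.
Constructed example: paths, prefixes and token list are invented."""
import ntpath
import os
import secrets
import shutil
import string

# Constructed "raw" view: what a scanner sees by parsing on-disk structures
# itself, bypassing the hooked API (the trusted side of the cross-view diff).
RAW_VIEW = frozenset({
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\hxdef100.exe",   # constructed rootkit files
    r"C:\WINDOWS\system32\hxdefdrv.sys",
    r"C:\Program Files\App\app.exe",
})

# Filename prefixes the simulated rootkit removes from API results.
HIDDEN_PREFIXES = ("hxdef",)

# Substrings the rootkit matches against the caller's full image path.  For
# such callers it hides nothing, so both views agree and the diff is empty.
DETECTOR_EXCLUSIONS = ("fsbl", "rootkitrevealer")


def is_excluded_process(process_image: str) -> bool:
    """True if the caller's image path contains a known detector token."""
    path = process_image.lower()
    return any(token in path for token in DETECTOR_EXCLUSIONS)


def hooked_api_view(process_image: str, raw_view=RAW_VIEW) -> set:
    """Simulated hooked FindFirstFile/FindNextFile as seen by one process."""
    if is_excluded_process(process_image):
        return set(raw_view)            # recognised scanner: hide nothing
    return {
        p for p in raw_view
        if not ntpath.basename(p).lower().startswith(HIDDEN_PREFIXES)
    }


def cross_view_scan(process_image: str, raw_view=RAW_VIEW) -> set:
    """Entries present in the raw view but absent from the API view.
    A non-empty result is the cross-view detector's evidence of hiding."""
    return set(raw_view) - hooked_api_view(process_image, raw_view)


def random_scanner_name(length: int = 24,
                        forbidden=DETECTOR_EXCLUSIONS) -> str:
    """Long random image name that contains none of the detector tokens."""
    alphabet = string.ascii_lowercase + string.digits
    while True:
        stem = "".join(secrets.choice(alphabet) for _ in range(length))
        if not any(token in stem for token in forbidden):
            return stem + ".exe"


def stage_renamed_copy(scanner_path: str, dest_dir: str) -> str:
    """Copy the scanner into dest_dir under a random name and return the
    new path.  dest_dir must itself be free of detector tokens, since the
    rootkit matches on the whole path, not just the file name."""
    if is_excluded_process(dest_dir):
        raise ValueError("destination directory contains a detector token")
    new_path = os.path.join(dest_dir, random_scanner_name())
    shutil.copy2(scanner_path, new_path)
    return new_path


if __name__ == "__main__":
    for image in (r"C:\Tools\fsbl.exe",
                  r"C:\Tools\RootkitRevealer.exe",
                  r"C:\Tools\fsbl\scan.exe",
                  "C:\\Tools\\" + random_scanner_name()):
        print(f"{image:45} hidden entries found: {len(cross_view_scan(image))}")
```

Running the block shows the scanner finding nothing while it runs as `fsbl.exe`, `RootkitRevealer.exe` or from a directory named `fsbl`, and finding both `hxdef` files once it runs under the random name. The defence is only as strong as the rootkit's matching is naive: a variant that fingerprints the binary by hash, size or section layout rather than by path is not affected by a rename, which is the "something more technically advanced" Hensing anticipates.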
