Hackers Serving Rootkits with Bagles
Iran Contra writes "Security researchers at F-Secure in Finland have discovered a rootkit component in the Bagle worm that loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. Bagle started out as a simple e-mail-borne executable, and the addition of rootkit capabilities shows how far ahead of the cat-and-mouse game the attackers are."
Am I wrong (Score:5, Insightful)
In the end, they're just another piece of cut and paste code for script kiddies.
Human intervention still needed... (Score:1, Insightful)
So, malware makers are not so much "ahead of the game" as "still reliant on the problem that exists between the keyboard and the chair."
Re:The evolving virus (Score:5, Insightful)
Changing which registry key a worm modifies, or what files a virus affects, will cause wildly varying effects, 99.9999% of which will cause either no discernible effect or blue-screen the system. This is not a good setup for the GA to figure out what works best.
So despite the similarity in name and function with biological viruses, computer virii (and worms, trojans, etc.) are not really evolvable, but need to be engineered.
Rootkits are the new bootsector (Score:3, Insightful)
What we CAN do to relieve this plague is take away the motivation behind viruses. They don't exist just for fun; they serve a purpose. DDoS is a lucrative racket. If we can somehow make an infected PC less valuable to the attacker, to the point where it's not even worth infecting, the virus threat will slow down to a crawl. Why don't we have more Linux viruses? Because it's a high-risk, low-potential target. If Microsoft could accomplish the same level of security with the average Windows PC, virus authors would have to go out and get real friggin jobs for once.