May 6, 2008
Doctor Web, Ltd. – a Russian developer of IT-security solutions branded Dr.Web – releases a new version of the Dr.Web scanner that successfully detects Win32.Ntldrbot (aka Rustock.C) and cures system files infected by the rootkit. Currently no other anti-virus can detect the malicious program.
The world recently marked the thirtieth anniversary of spam. It has come a long way from an annoying advertisement for Hormel Foods canned ham to mass mailings of unsolicited mail that have become a worldwide issue. Many of us notice our traffic increase for no apparent reason, and experts estimate up to 90 per cent of our e-mail correspondence to be completely irrelevant and irritating. Win32.Ntldrbot is one of the reasons behind the booming activity of spammers.
The main task of Win32.Ntldrbot is to infect PCs and turn them into spamming bots in botnets – vast spam mailing networks. Besides, the rootkit remains completely undetected. Supposedly, it has been doing so since October 2007! According to Secure Works, the botnet built by Rustock is the third largest and distributes around 30 billion spam messages daily, most of them about securities and medicines.
The author of the rootkit started testing new techniques for intercepting network driver functions and hiding in a system at the end of 2005 or at the beginning of 2006, when the first beta of the malware appeared. Rustock.B also came into being in 2006. It was able to bypass firewalls and hide spam traffic. Anti-virus vendors easily detected and removed these variants of the rootkit.
However, its next variant - Win32.Ntldrbot - turned out to be a tough one: neither anti-virus companies nor virus makers were able to obtain a sample of the malware. There is no crime without evidence. So most anti-virus vendors announced that the malware didn’t exist since none of them had found it, and there was no use searching for a myth.
Meanwhile, Win32.Ntldrbot turned out to be real.
Some anti-virus labs didn.
http://info.drweb.com/show/3342?lng=en

Win32.Ntldrbot (aka Rustock.C) no longer a myth, no longer a threat. New Dr.Web scanner detects and cures it for real
Author: News Robot, May 06 2008 10:42