funsec mailing list archives
Re: Microsoft: Rootkits and Blaster
From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Tue, 6 Dec 2005 11:44:07 -0700
hmm doesn't seem as if the malware removal tool (that runs with windows update) would be able to uninstall a kernel level rootkit. you would have to load first in order to beat a good rootkit right? Windows Update Service is hardly ring 0, or am I totally off my rocker?

- JP

On 12/6/05, Fergie <fergdawg () netzero net> wrote:

Dan,

I think they're just talking about 20% of 'malware' detected and cleaned with the Microsoft Malware Removal Tool.

- ferg

-- "Hubbard, Dan" <dhubbard () websense com> wrote:

Hmm, this stat seems way off to me. Either that or a) they don't have detection / removal for mass mailing worms and BOT's or b) the definition of "rootkit" is very broad.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Tuesday, December 06, 2005 8:21 AM
To: funsec () linuxbox org
Subject: [funsec] Microsoft: Rootkits and Blaster

Here are a couple of interesting snippets, both via eWeek.

First:

"Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes"

[snip]

More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to senior official in Microsoft Corp.'s security unit.

Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility.

[snip]

http://www.eweek.com/article2/0,1759,1896605,00.asp

[snip]

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.