funsec mailing list archives

Re: Microsoft: Rootkits and Blaster

From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Tue, 6 Dec 2005 11:44:07 -0700

hmm doenst seem as if the malware removal tool (that runs with windows
update) would be able to uninstall a kernel level rootkit.

you would have to load first in order to beat a good rootkit right?
Windows Update Service is hardly ring 0, or am I totally off my
rocker?

-

JP

On 12/6/05, Fergie <fergdawg () netzero net> wrote:

Dan,

I think they're just talking about 20% of 'malware' detected
and cleaned with the Microsoft Malware Removal Tool.

- ferg


-- "Hubbard, Dan" <dhubbard () websense com> wrote:

Hmm, this stat seem way off to me. Either that or a) they don't have
detection / removal for mass mailing worms and BOT's or b) the
definition of "rootkit" is very broad.


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Fergie
Sent: Tuesday, December 06, 2005 8:21 AM
To: funsec () linuxbox org
Subject: [funsec] Microsoft: Rootkits and Blaster

Here are a couple of interesting snippets, both via eWeek.

First: "Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes"

[snip]

More than 20 percent of all malware removed from Windows XP SP2 (Service
Pack 2) systems are stealth rootkits, according to senior official in
Microsoft Corp.'s security unit.

Jason Garms, architect and group program manager in Microsoft's
Anti-Malware Technology Team, said the open-source FU rootkit ranks high
on the list of malicious software programs deleted by the free Windows
worm zapping utility.

[snip]

http://www.eweek.com/article2/0,1759,1896605,00.asp

[snip]





_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Microsoft: Rootkits and Blaster Fergie (Dec 06)
- <Possible follow-ups>
- RE: Microsoft: Rootkits and Blaster Hubbard, Dan (Dec 06)
  - RE: Microsoft: Rootkits and Blaster Nick FitzGerald (Dec 06)
- RE: Microsoft: Rootkits and Blaster Fergie (Dec 06)
  - Re: Microsoft: Rootkits and Blaster Dude VanWinkle (Dec 06)
    - Re: Microsoft: Rootkits and Blaster Blue Boar (Dec 06)
    - Re[2]: Microsoft: Rootkits and Blaster Pierre Vandevenne (Dec 06)
- RE: Microsoft: Rootkits and Blaster Marius Gheorghescu (Dec 06)
  - Re[2]: Microsoft: Rootkits and Blaster Pierre Vandevenne (Dec 06)
- RE: Re[2]: Microsoft: Rootkits and Blaster Hubbard, Dan (Dec 06)
  - RE: Re[2]: Microsoft: Rootkits and Blaster Nick FitzGerald (Dec 06)
- RE: Re[2]: Microsoft: Rootkits and Blaster Jason Geffner (Dec 06)