If these clever malware people can surplant each others trojans
why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?
Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by …
"why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?"
Because they are Virtually Invisible, Indivisible and Untouchables, Paul, and Fleet of Code HeXXXXSS.
QuITe a Triumph, Actually ....... http://triumphpc.com/johnlennon/index.shtml.
Hi. Ready for AI Trip ...... Magical Mystery Turing? El CIDs 42 Lead ITS Following
CIDs ..... CyberIntelAIgent Information Devices ....... which is only a Hop, Skip and a Quantum Leap from Alien Beings. :-) ..... who may be Long Lost Friends .... Kindred Souls.
...coz if i'd created code that could disable rootkits I'd either sell it to the highest AV/AR bidder or negotiate a tasty slice of the advertising revenue they'd get from downloads, of course first thing I'd do is hire a damn good lawyer(s) to protect it all.
I understand you could make some nice money from installing malicious root kits on people's PCs but I think I could live with a healthy amount from some top AV player, plus I wouldn't then be a frikin thief.
Any thoughts/views? Be kind comrades...
Ah, this trend seems to go back all the way down to the 80's, when the "Yankee Doodle" virus started killing others: Cascade and Ping-Pong, at least. And some ingenious virus that was, as it "re-wrote" the virii so they would self-destruct, actually.
Some AV's had an alternate name for it, as "VACSINA" which meand Vaccine in ... some other language. As a plus, the virus would play "Yankee Doodle" every now and then on your PC speaker =)
So hackers are now out of computers they can easily infect. Unsecured systems are now almost all incorporated into botnets. So if a hacker wants a (bigger) botnet. He has no choice but to steal it from another hacker.
Now we've got war, soon we will have diplomatic relations.
av vendors have to ensure the PC is still fine after it removes the virus. Whereas virus writers don't *really* care if the PC still works, so they can employ harsher removal methods than the AV products can. If the PC dies during the removal process - who cares - as long as most of 'em still work.
"All detected and removed via these online forums." .... By Richard Posted Friday 29th February 2008 09:12 GMT.
Richard,
They may have just moved Underground to ReGroup and Grow........ and that would be Counter-Productive unless, of course, they were Sleeper White Knight Trojans.
Shows how much I know. Since specific downloads to spot rootkits had seemed to have all but disappeared, I had assumed the AV companies now had this under control (or as much control as anyone can re malicious software). So that's not the case then ? Folk have simply given up ? So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?
"So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?"
One doesn't, AC. That is ITs Stealthy Grace. If you want to Imagine anything, consider IT, a Binary AIDS VXXXXine ....... Right to the Heart of Man's Woes and Follies........ The Pleasure and the Pain in ITs Not Giving ....... The Ultimate Betrayal to Oneself which Denies One the Keys to the Kingdom Castle....... Seventh Heaven, Global Communications HQ.