Eric Howes, who consults with us on spyware issues, writes this about rootkits:
Windows rootkits are malicious programs that use some fancy low-level programming tricks to hide themselves and other files and directories from Windows. When a rootkit is running on your machine, you won’t be able to see it (or the other files it’s hiding) through Windows Explorer. And neither will other standard Windows applications. They’re effectively invisible, even to Windows itself.
Rootkits are attractive and useful to malware, spyware, and adware creators because rootkits can hide malicious files that take control of users’ PCs and prevent those files from being easily removed. Spyware and adware authors have been especially aggressive in using rootkits to conceal their software on victims’ PCs. The best example is SearchMiracle/Elitebar, which uses a rootkit to hide dozens of files and directories within the Windows directory. Once SearchMiracle/Elitebar is installed, it is very difficult to remove, and users’ PCs are deluged with mysterious pop-ups that seem to come from nowhere.
As with other aspects of malware, rootkit creators and anti-malware companies are now in an arms race of sorts, with rootkit creators finding ever more clever ways to hide their code within Windows and anti-malware vendors scrambling to improve their applications to detect these newer breeds of rootkits.
Some links:
Microsoft Strider Project
(note: contains links to plenty of white papers and such)
Microsoft Rootkit Webcast
News articles
http://www.eweek.com/article2/0,1759,1829744,00.asp
http://www.eweek.com/article2/0,1759,1816972,00.asp
http://www.securityfocus.com/columnists/358
http://www.viruslist.com/en/analysis?pubid=168740859
http://www.eweek.com/article2/0,1895,1841266,00.asp
Anti-rootkit tools for Windows (Note: Most of these are complex programs that require an experienced user).
Microsoft – Malicious Software Removal Tool
Alex
Yes, the antivirus market is hot these days. Companies provide free things to people for trial purposes. I used many antiviruses and found Kaspersky is reliable. Also used Bitdefender, Avast, AVG, Avira, BullGuard, Vipre, PC Tools, Spyware Doctor, treat fire, etc.