Sunday, February 18, 2007

ComboFix Warning

A warning for users of the handy anti-malware tool ComboFix:
if a computer infected with a new form of malware (which
apparently uses rootkit technology) is cleaned with ComboFix,
critical system files can be deleted.

The author has stopped distributing the program until the
problem is fixed. I can't find any information on the
malware yet, but I'll post when it is available.

Link to discussion.

Friday, February 16, 2007

Unreal.B to be Released Next Week

**Update: the release has been delayed for a few weeks due to
some bugs that need to be worked out.

Yet another advance in rootkit technology (and, soon after, in
detection) from the Russian team behind RKU: next week they will
release a new version of 'Unreal', their test rootkit for
evaluating anti-rootkit tools (ARKs). Version 2 will most likely
bypass every known ARK, including the latest version of their
own top-notch software. It won't be long, I suspect, until RKU
is updated to detect and remove Unreal.B.

More info on Unreal.B (scroll down for an English translation).
See my previous post about version 1, Unreal.A.
See my last post (below) for more info on RKU.

Saturday, February 10, 2007

Leaving Babylon

The makers of the tiny, powerful Rootkit Unhooker (RKU) have
released a new version. Earlier, I posted about the Unreal rootkit
test file, which bypassed nearly every known anti-rootkit tool;
version 3.20 of RKU detects Unreal.A.

*Here's a list of some of the rootkits that RKU detects and removes.
*Latest version: 3.20.130.388 [updated February 18th, 2007]
*Info about the next version, in the authors' words:

"version 3.30 will include:

added: DKOH detection (not unhookable) for common kernel objects
added: ability to dump kernel memory region
added: AntiRkU and based tools bypassing, xdf updated to v0.7
fixed: few bugs in driver, related to self-protection part

And some other features not listed here, because they are not ready yet.
Release date: as soon as it is ready."
-Thank you, independent coders, for advancing security software
farther than any AV company ever could.
~~
Another interesting note: while reading the RKU forum, I happened
upon a post by someone requesting the source code for the program.
One of the authors of RKU responded:

"If we give the sources to the public, they will also be used for
malware purposes."

Wednesday, February 7, 2007

Decryption Challenge part 3

Here's a tougher one. Figure out what book I am
referring to using some or all of the following clues
(tildes separate the parts of the code).

Hints: many ASCII encoding and decoding sites exist.
Double encoding, anyone?


ecisionsday reaay otnotnotnay ertaincay
~~~
6d 69 74 20 70 72 65 73 73
~~~
b3h4v10r4l, c45h
~~~
MDExMDAxMTEgMDExMDExMDAgMDE
xMDEwMDEgMDExMDExMDEgMDAxMD
ExMDAgMDAxMDAwMDAgMDExMDAw
MTEgMDExMDEwMDAgMDExMDAxMD
EgMDExMTAwMTAgMDAxMDAwMDAg
MDAxMDEwMDAgMDExMDAwMDEgMD
ExMDAxMDAgMDExMDAxMDAgMDAxM
DAwMDAgMDAxMDEwMDE
~~~
%79%74%69%73%72%65%76%69%6e%
75%20%6e%6f%73%61%6d%20%65%
67%72%6f%65%67%20%74%61%20%
64%65%64%6e%75%6f%66%20%65%
6e%69%6c%70%69%63%73%69%64%
20%61
~~~
V2lsbGlhbSBILiBSZWRtb25kIHJldmlld3M=

Saturday, February 3, 2007

Decryption Challenge part 2

Here's an easier one: a three-part code separated by
tildes. To properly decrypt it, you must figure out
what each section means and answer the question
posed.

Code:

978
047
145
380
2
~~~~
01100001 01101101
01111010 01101110
00101110 01100011
01101111 01101101
00100000 01110010
01100101 01110110
00101110 00100000
00100011 00110010
~~~~~
%77%68%61%74%20%6b%69%6e%64%20%6f%
66%20%73%65%63%75%72%69%74%79%20%
74%6f%79%73%3f
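The two challenges above stack ordinary encodings (pig latin, leet, hex, 8-bit binary, base64 and URL percent-encoding) rather than real ciphers, so they can be peeled off mechanically. The following Python is an added example, not part of the original posts, that decodes each fragment of parts 2 and 3, including the base64 layer that wraps a binary layer and the percent-encoded string that reads backwards, and checks the number in part 2 as an ISBN-13 (converting it to its ISBN-10 form as well, a generalization beyond what the post asks). The leet table and the pig latin rule (first letter moved to the end, then 'ay' appended) are assumptions about the conventions used here; the fragments themselves are copied from the posts.

```python
"""Peel the encoding layers off the Decryption Challenge fragments (added example)."""
import base64
import re
from urllib.parse import unquote


def decode_hex(s: str) -> str:
    """'6d 69 74' -> 'mit'; whitespace between byte pairs is ignored."""
    return bytes.fromhex("".join(s.split())).decode("ascii")


def decode_binary(s: str) -> str:
    """'01100001 01101101' -> 'am'; 8-bit groups, any whitespace layout."""
    bits = "".join(s.split())
    if len(bits) % 8:
        raise ValueError("bit string length %d is not a multiple of 8" % len(bits))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


def decode_percent(s: str) -> str:
    """URL percent-encoding that was wrapped across lines: rejoin, then unquote."""
    return unquote("".join(s.split()))


def decode_base64(s: str) -> str:
    """Base64 pasted with line breaks and possibly missing '=' padding."""
    compact = "".join(s.split())
    compact += "=" * (-len(compact) % 4)
    return base64.b64decode(compact).decode("ascii")


# Crude leet table (assumption): in general '1' is ambiguous between 'i' and 'l'.
LEET = str.maketrans("013457", "oieast")


def decode_leet(s: str) -> str:
    return s.translate(LEET)


def decode_pig_latin(s: str) -> str:
    """Undo the variant used in part 3 (assumption): the first letter was moved to
    the end of the word and 'ay' appended. Strip 'ay', move the last letter back."""
    out = []
    for word in s.split():
        if len(word) < 3 or not word.endswith("ay"):
            raise ValueError("not pig latin: %r" % word)
        core = word[:-2]
        out.append(core[-1] + core[:-1])
    return " ".join(out)


def isbn13_valid(s: str) -> bool:
    """ISBN-13 check digit: weights 1,3,1,3,... over the first 12 digits, mod 10."""
    digits = re.sub(r"\D", "", s)
    if len(digits) != 13:
        return False
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(digits[:12]))
    return (10 - total % 10) % 10 == int(digits[12])


def isbn13_to_isbn10(s: str) -> str:
    """Drop the 978 prefix and recompute the mod-11 ISBN-10 check digit."""
    digits = re.sub(r"\D", "", s)
    if not isbn13_valid(digits) or not digits.startswith("978"):
        raise ValueError("not a 978-prefixed ISBN-13 with a valid check digit")
    core = digits[3:12]
    total = sum(int(d) * (10 - i) for i, d in enumerate(core))
    check = (11 - total % 11) % 11
    return core + ("X" if check == 10 else str(check))


# Fragments as posted; the line breaks in the originals are only wrapping.
PART3_PIG = "ecisionsday reaay otnotnotnay ertaincay"
PART3_HEX = "6d 69 74 20 70 72 65 73 73"
PART3_LEET = "b3h4v10r4l, c45h"
PART3_B64_OVER_BINARY = (
    "MDExMDAxMTEgMDExMDExMDAgMDE" "xMDEwMDEgMDExMDExMDEgMDAxMD"
    "ExMDAgMDAxMDAwMDAgMDExMDAw" "MTEgMDExMDEwMDAgMDExMDAxMD"
    "EgMDExMTAwMTAgMDAxMDAwMDAg" "MDAxMDEwMDAgMDExMDAwMDEgMD"
    "ExMDAxMDAgMDExMDAxMDAgMDAxM" "DAwMDAgMDAxMDEwMDE"
)
PART3_PERCENT = (
    "%79%74%69%73%72%65%76%69%6e%" "75%20%6e%6f%73%61%6d%20%65%"
    "67%72%6f%65%67%20%74%61%20%" "64%65%64%6e%75%6f%66%20%65%"
    "6e%69%6c%70%69%63%73%69%64%" "20%61"
)
PART3_B64 = "V2lsbGlhbSBILiBSZWRtb25kIHJldmlld3M="
PART2_ISBN = "978 047 145 380 2"
PART2_BINARY = (
    "01100001 01101101 01111010 01101110 00101110 01100011 01101111 01101101 "
    "00100000 01110010 01100101 01110110 00101110 00100000 00100011 00110010"
)
PART2_PERCENT = ("%77%68%61%74%20%6b%69%6e%64%20%6f%"
                 "66%20%73%65%63%75%72%69%74%79%20%" "74%6f%79%73%3f")


def solve() -> dict:
    """Decode every fragment; one is double-encoded and one reads backwards."""
    return {
        "part3_pig_latin": decode_pig_latin(PART3_PIG),
        "part3_hex": decode_hex(PART3_HEX),
        "part3_leet": decode_leet(PART3_LEET),
        "part3_base64_then_binary": decode_binary(decode_base64(PART3_B64_OVER_BINARY)),
        "part3_percent_reversed": decode_percent(PART3_PERCENT)[::-1],
        "part3_base64": decode_base64(PART3_B64),
        "part2_isbn13_valid": isbn13_valid(PART2_ISBN),
        "part2_isbn10": isbn13_to_isbn10(PART2_ISBN),
        "part2_binary": decode_binary(PART2_BINARY),
        "part2_percent": decode_percent(PART2_PERCENT),
    }


if __name__ == "__main__":
    for name, value in solve().items():
        print("%-26s %s" % (name, value))
```

Running the script prints every decoded fragment. The ISBN is the one piece that can be verified rather than merely decoded: a single mistyped digit fails the mod-10 check, which is worth knowing before you go hunting for the wrong book.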

Decryption Challenge part 1

I have encrypted a text file with some quotations in it.
I used bcrypt (the Blowfish-based file encryption utility, not
the password hash of the same name) with an eight-character
password, the minimum length the tool accepts.

First person to decrypt the file gets title of leet cryptanalyst.


Download link [via Rapidshare]