The "Symantec rootkit"

Norton Systemworks has a feature called "Protected Recycle Bin". This feature is intended to enable the user to recover deleted files that would otherwise be unrecoverable. These files are stored in a folder typically called C:\Recycler\Nprotect - and this folder is hidden with rootkit-like techniques. There's nothing inherently wrong in this.

The only problem is that any malware already running on the system can copy itself to that particular folder and Systemworks will hide it completely from the user and from most on-demand antivirus scanners (but not from F-Secure Internet Security 2006, which will see it because it integrates the BlackLight rootkit detection technology).

However, we haven't seen any malware which would even attempt to do that.

F-Secure: News from the Lab - January of 2006

Linked by shanmuga Friday, 13th January 2006 4:34AM