New Trojan, kernel-level rootkit have 'frightening capabilities'

Sana Security Inc. is warning of a highly evasive kernel-level rootkit associated with a data-stealing Trojan that can survive a reboot and doesn't run as a separate process. The malware also can detect previously used passwords on a machine, not just those logged after a PC is infected.

The Trojan and rootkit, which remain hidden from the operating system task manager and avoid AV detection, were discovered by the San Mateo, Calif.-based enterprise security software provider's Sana Labs team during an investigation into the new Alcra worm. As of Tuesday afternoon, only a handful of security companies had created a way to detect the worm, the company reported.

Linked by shanmuga Wednesday, 22nd March 2006 12:57AM