Rootkits for fun and profit


Toward the end of 2006, several penny stocks, stocks valued at or below one cent, saw momentary blips of upward activity. The sudden surge of interest wasn't a surge of confidence by shareholders based on some end-of-the-year corporate profit projection; rather, it was criminal. Last summer, I wrote about how Web 2.0 technology could be used to "pump and dump" penny stocks, but only in limited scenarios. This latest round of attacks was pretty old school, using botnets to broadcast the spam worldwide. Behind most of the recent spam attacks is a single rootkit, one that could be a model for security threats in the new year.

The rootkit, dubbed Rustock by security vendor Symantec, isn't new; it's been around for more than a year. In July 2006, News.com's Joris Evers reported on the original version. However, many end-of-the-year analyses from security vendors concluded that Rustock--also known as Mailbot.AZ by F-Secure--is the model for criminal hackers, in part because it does a great job of hiding itself (making detection challenging), and also because it has been shown to infect even the new Windows Vista operating system from Microsoft.

Security Watch: Rootkits for fun and profit - CNET reviews

Linked by shanmuga Monday, 22nd January 2007 11:07PM