New Type Of Spyware Please Read

[Hellbreather]

Hi guys.
One of my friends have emailed me telling me about a new type of spyware called Rootkits' they make sure that the spyware stays invisible and undetectable. Because they are hidden by rootkit's all the AV programs cannot detect them and even when they are installed you cannot detect them.
When I get back home I will give you the website to download a program that will tell you if any Rootkit's are installed on your computer

Just a note most RootKit's contain Keyloggers this is how that £2 million bank fraud was done. Using rookit's and now they are making their way to our home computers

 

[Praetor]

Because they are hidden by rootkit's all the AV programs cannot detect them and even when they are installed you cannot detect them

That's a bit vague wouldnt you say? ('sides that's what process-level white-listing is for )

 

[Sebouh]

well i don't think AV programs' job is to catch spyware, isn't that the Anti-Spyware's job?

 

[Byteman]

Rootkits are described very well at the following link...
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

 

[Hellbreather]

Very informative thanks Byteman

 

[Byteman]

No prob.

If I may, there is a new type of hijack floating around lately, these hijacks take over your desktop background and the ability to change it. They are a REAL pain to get rid of, cuz Anti-spyware programs don't touch them, not even hijackthis will see them, (cuz they use reg keys that aren't even considered by hijackthis and other anti-spyware programs).

 

[UndeadInsanity]

Because they are hidden by rootkit's all the AV programs cannot detect them and even when they are installed you cannot detect them.

http://securityresponse.symantec.com/avcenter/venc/data/hacktool.rootkit.html

Interesting...

 

[Hellbreather]

Symantec can only detect one type of Rootkit. All the other types of Rootkit cannot be detected. Read the link given to you by Byteman

 

[Greg J.]

I scanned my PC with RootkitRevealer and it found 2 things: both are "Data mismatch between Windows API and raw hive data". Is something modified? I mean, I tweak my machine, but never the registry. So, what is this?

 

[Byteman]

Have you had your desktop, browser, or anything else hijacked and you can't get rid of it? Any suspicious activity, spyware type stuff or weird unexplanable things going on? Have you run spyware scans? Virus scans?... lately and been infected? Then possibly yes, if not, then probably no.