From Collaborative RCE Knowledge Library


A Journey to the Center of the Rustock.B Rootkit

Item name: A Journey to the Center of the Rustock.B Rootkit
Rating: 0.0 (0 votes)
Author: Frank Boldewin
Home URL: http://www.reconstructer.org
Last updated: January 20, 2007
Version (if appl.): 1.0
Direct D/L link: http://antirootkit.com/articles/A-Journey-to-the-Center-of-the-Rustock-B-Rootkit/index.htm
Description: "You try to look innocent, but what's behind the curtain? Whatever you hide or pretend will be detected - this is certain!" On 27th December 2006 I found a sample of the Rustock.B Rootkit at www.offensivecomputing.net, which was only sparsely analyzed at this time. I was keen to study its behaviour, as I’ve heard a lot of stories about this infamous Rootkit. Rustock included several techniques to obfuscate the driver which could be stumbling blocks for the researcher. Analyzing the binary was quite fun. Recalling the work I’ve done over the last few days, it is clear that Rustock is quite different from most other Rootkits I’ve seen in the past. It is not much because Rustock uses new techniques, but rather because it combines dozens of known tricks from other malware which makes it very effective.
Related URLs: No related URLs have been submitted for this item yet

