Among Rustock’s distinguishing characteristics are its heavy reliance on advanced rootkit technologies to hide from security software and its changeling-like ability to morph itself each time it infects a file. That threat, dubbed “Rustock” by Symantec, is a family of backdoor Trojan horses that first appeared nearly a year ago, says Patrick Martin, a senior product manager with the Cupertino, Calif., company’s security response team. The tactics used by a sophisticated threat of 2006 will become staples in exploits during the year to come, a security researcher. “The techniques that [Rustock] is using will be the baseline for threats in the future,” Martin says. “It’s using techniques that most rootkit detectors aren’t looking at or for yet,” says Martin. The longer a Trojan can remain undetected the longer it can stay on a PC, and the more income it can generate for its owner.<\/p>\n","protected":false},"excerpt":{"rendered":"
Rustock, like other recent in-the-news exploits such as “Stration,” is designed to send spam from hijacked computers.<\/p>\n
Rustock hooks into the Windows 32-bit kernel, and patches several APIs (Applications Programming Interfaces) to hide the new registry keys and files it installs.<\/p>\n
Polymorphic exploits, which first appeared in 1990, are rarely seen today, Martin says, but Rustock has revived the practice as another defensive strategy against security software, which uses pattern detection and threat-specific signatures to sniff out malware.<\/p>\n
http:\/\/www.informationweek.com\/showArticle.jhtml;jsessionid=3SBBS032AKJBOQSNDLRSKH0CJUNN2JVN?articleID=196603916<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2401","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2401"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2401\/revisions"}],"predecessor-version":[{"id":4888,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2401\/revisions\/4888"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}