[Dshield] Rootkits All Around: Universal Music Has It ,Too

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Wed Nov 2 20:40:10 GMT 2005


On Wed, 02 Nov 2005 14:50:56 EST, Mark Owen said:

> Admins are still admins.  It does hide from most antivirus and other
> tools.  No reports given of allowing remote access and their probably
> won't be any either.

No reports *yet*.  The mere fact that it's a free cloaking device for
any file with a name that starts with '$sys$' is going to attract
the malware writers - and there's bound to be other goodies yet to
be revealed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051102/5697c6cc/attachment.bin


More information about the list mailing list