Windows 10: New Moriya rootkit stealthily backdoors Windows systems

Unknown threat actors have been employing a Windows rootkit for years to stealthily install backdoors on vulnerable machines.

In a campaign dubbed Operation TunnelSnake by Kaspersky researchers, the team said on Thursday that an advanced persistent threat (APT) group, origin unknown but suspected of being Chinese-speaking, has used the rootkit to quietly take control of networks belonging to organizations.

Rootkits are packages of tools that are designed to stay under the radar by hiding themselves in deep levels of system code. Rootkits can range from malware designed to attack the kernel to firmware, or memory, and will often operate with high levels of privilege.

According to Kaspersky, the newly-discovered rootkit, named Moriya, is used to deploy passive backdoors on public-facing servers. The backdoors are then used to establish a connection -- quietly -- with a command-and-control (C2) server controlled by the threat actors for malicious purposes.

The backdoor allows attackers to monitor all traffic, incoming and outgoing, that passes through an infected machine and filter out packets sent for the malware.


Read more:

• New Moriya rootkit stealthily backdoors Windows systems | ZDNet
• Operation TunnelSnake | Securelist

:)

 

6 Rootkit Detector Programs reviewed & compared: INTERESTING READ!

Cool find - Rootkit Unhooker 3.0 looks like it kicks butt.

 

Sophos Anti-Rootkit 1.3.1

Sophos Anti-Rootkit finds and removes any rootkit that is hidden on your computer. Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care.
Latest Changes:

* Enhanced detection and cleanup facilities
* Users can install and uninstall Sophos Anti-Rootkit using standard Windows procedures (i.e. the Windows Start menu, and the Windows Add/Remove Programs menu option)
* The file sarscan.log is cumulative and is timestamped. The file sarclean.log is cumulative and is not timestamped
* Scans running processes, windows registry and local hard drives for rootkits
* Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity
* Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit
* Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed
* Users can switch between the GUI and command-line functionality
* Both context sensitive and command-line help are available

Website

 

6 Rootkit Detector Programs reviewed & compared: INTERESTING READ!

Review: Six Rootkit Detectors Protect Your System:

http://www.informationweek.com/news...UNN2JVN?articleID=196901062&pgno=5&queryText=

*Smile

• F-Secure BlackLight
• IceSword
• RKDetector
• Rootkit Buster
• Rootkit Revealer
• Rootkit Unhooker

* Interesting when you see the results, & which was the MOST effective as well!

APK