Rootkits fight for control of compromised PCs

Uh oh. This can't be good.

s_c47, why, unless you make root kits. If you have someone in control, why do you care which hacker has control of your computer or someone elses?

I don't. But someone selling their rootkits to other people is bad news. Do I really have to explain this to you?

Maybe I have become callus that it is common for computers to be attacked with root kits or some other even more insidious method of attack. I say insidious because there is a wide array of root-kit detectors, while some bot nets use new nearly undetectable methods. I now have a spare C: squeaky clean loaded with a dozen or so malware detectors that I can use when I suspect foul play but nothing turns up in scans. Because these attacks are ‘business as usual’, I browse from a sandboxed browser so any virus attack will be contained inside the sand box. If I suspect foul play the sandbox is deleted. Those Spanish guys that ran a 6 figure bot net had no technical expertise. They just picked up what they needed on several hacker sites and used the tools very effectively.

AD put out an article stating about 80% of the new malware can download files of its choosing. I think you are a bit naïve thinking computing is much safer than it really is.

Originally posted by Mez:

---

I think you are a bit naïve thinking computing is much safer than it really is.

---

If you were paying attention to all the scary articles published over the last year or 2 this wouldn't add any new danger to anything.

I understood the article and what I said was there was at least one AD article that I remember where non programmers can cobble together a bot net from hacker web sites and command a bot net of hundreds of thousands of computers. That to me was much much scarier than this. At least with the root kit sales the person using the root kit must be a programmer. It is kind of being over whelmed that you can buy throwing knifes which requires skill to use but are not upset that you can buy a gun or handgrenade that require little skill to use, on the street.

I never said you don't care who has control of your computer. You do have a choice. I suspect you do not frequent sites that are problems. My kids must go to the wrong places. I suspect facebook might be one. Maybe it was kiddy game sites. I do know the home computer was getting several viruses a week with McCaffy running. My daughter hogs the computer and spends most of her time on facebook. I have a 12 yr old that still gose on kiddy sites. That is a great place to infect. Kids have no fear or sense. I also have a 21 yr old so who knows who was getting the computer infected.

As a tip, install sandboxie and browse under it. It is a free utility. I blow away the sandbox every week or so on the family computer. Scans after the delete are clean. I use several different scanners that may be better than macaffy. 2 will detect root kits. These have to be done manually so it is a pain and many require rebooting. I now scan less than once a month because I think the routine is safe.

Because of the sandboxing effect, rootkits probably do not work. The root kits probably load themselves into where updates go and are applied at start up. The effect puts them into the wrong place so they do not get executed when they need to. They get executed when Sandboxie starts up and you would need permission to even try to execute the package. Even if you OK the update (stupid!) the root kit missed its window of opportunity, your OS is already loaded.

Peace!