Win32.Ntldrbot (aka Rustock.C): no longer a myth, no longer a threat. New Dr.Web scanner detects and cures it for real!

Released on: May 6, 2008, 4:24 am

Press Release Author: Information Service of Doctor Web, Ltd.

Industry: Computers

Press Release Summary:
Doctor Web, Ltd., a Russian developer of Dr.Web security solutions, has discovered
samples of Win32.Ntldrbot (aka Rustock.C) and now cures systems infected by this
rootkit. Currently no other anti-virus can detect this malicious program.


Press Release Body: The world recently marked the 30th anniversary of spam, which
has already become a worldwide issue. Experts estimate that up to 90 per cent of our
e-mail is completely irrelevant and irritating. Win32.Ntldrbot is one of the reasons
behind the booming activity of spammers.

The main task of Win32.Ntldrbot is to infect PCs and turn them into spamming bots in
botnets. According to SecureWorks, the botnet built by Rustock is the third largest
and distributes around 30 billion spam messages daily.

Moreover, the rootkit remained completely undetected, supposedly since October 2007:
neither anti-virus companies nor virus makers were able to obtain a sample of
Rustock.C. Meanwhile, the rootkit turned out to be real.

Eighteen months passed before Win32.Ntldrbot was found by analysts of Doctor
Web, Ltd. at the beginning of 2008. The Dr.Web virus monitoring service found about
600 samples of the rootkit, but nobody knows how many remain. It took several
weeks to unpack and analyze the rootkit and to improve the detection technology.

All this time the rootkit was in the wild, compromising PCs and turning them into
bots. Assuming that the malware has been running free and completely invisible since
October 2007, one could assess the resulting amount of infected traffic. Today no one
can guarantee that your machine, too, is not infected. It may have become a bot
and be sending out spam right now.

At present, no anti-virus program other than Dr.Web anti-virus can detect
Rustock.C. Those who are not Dr.Web customers can download the free Dr.Web CureIt!
utility and scan their computers, to be on the safe side.

Once virus writers manage to obtain a sample of the rootkit, the spread of
similar technologies and their incorporation into other malicious programs will be
only a matter of time.

http://info.drweb.com/show/preview/3342/
The attachment to the article contains more technical details about the rootkit.


Web Site: http://www.drweb.com

Contact Details: Doctor Web, Ltd. (head office)
Address: 2-12A, 3rd str. Yamskogo polya, 125124, Moscow, Russia
Tel: +7 (495) 789-45-87
Fax: +7 (495) 789-45-97
pr@drweb.com
