Win32.Ntldrbot (aka Rustock.C): No Longer a Myth, No Longer a Threat. New Dr.Web Scanner Detects and Cures It For Real

Released on: May 7, 2008, 1:57 am

Press Release Author: Lucia Gourtovaya/Dr.Web

Industry: Software

Press Release Summary: Doctor Web, Ltd. - a Russian developer of Dr.Web security
solutions - discovered samples of Win32.Ntldrbot (aka Rustock.C) and now cures
systems infected by this rootkit. Currently no other anti-virus can detect this
malicious program.

Press Release Body:

The world recently marked the 30th anniversary of spam, which has already become a
worldwide issue. Experts estimate that up to 90 per cent of our e-mail is completely
irrelevant and irritating. Win32.Ntldrbot is one of the reasons behind the booming
activity of spammers.

The main task of Win32.Ntldrbot is to infect PCs and turn them into spamming bots in
botnets. According to SecureWorks, the botnet built by Rustock is the third largest
and distributes around 30 billion spam messages daily.

Moreover, the rootkit remained completely undetected, supposedly since October 2007:
neither anti-virus companies nor virus makers were able to obtain a sample of
Rustock.C. Meanwhile, the rootkit turned out to be real.

Eighteen months passed before Win32.Ntldrbot was found by analysts of Doctor
Web, Ltd. at the beginning of 2008. The Dr.Web virus monitoring service found about 600
samples of the rootkit, but nobody knows how many remain. It took several
weeks to unpack and analyze the rootkit and to improve the detection technology.

All this time the rootkit was in the wild, compromising PCs and turning them into
bots. Assuming that the malware has been running free and completely invisible since
October 2007, one could assess the resulting amount of infected traffic. Today no one
can guarantee that your machine, too, is not infected. It may already have become a bot
and be sending out spam right now.

At present, no anti-virus program other than Dr.Web anti-virus can detect
Rustock.C. Those who are not Dr.Web customers can download the free Dr.Web CureIt!
utility and scan their computers, to be on the safe side.

Once virus writers manage to obtain a sample of the rootkit, it will be only a matter
of time before similar technologies flourish and are implanted into other viral
programs.

http://info.drweb.com/show/preview/3342
The attachment to the article contains more technical details about the rootkit.


Web Site: http://www.drweb.com

Contact Details: PR-contact
Lucia Gourtovaya
International Sales Director
Doctor Web, Ltd.
Mail to: pr@drweb.com
Website: http://www.drweb.com
Tel: +7 (495) 789-45-87
Fax: +7 (495) 789-45-97
Address: Russia, Moscow, 3ja ulitsa Yamskogo polya 2-12A
