
Previously on "Anatomy of a root kit"


  • Sysman
    replied
    It is indeed big business, probably far bigger than your estimate. The mob have moved in:

    Chasing Pirates: Inside Microsoft’s War Room

    The police reached the house undetected, barreled in and found rooms crammed with about 50 machines used to copy CDs and make counterfeit versions of software like Microsoft Office and Xbox video games. They arrested three men on the spot, who were later released while the authorities investigate the case. “The entire operation was very complicated and risky,” says a person close to the investigation, who demanded anonymity out of fear for his life.

    The raid added to a body of evidence confirming La Familia’s expansion into counterfeit software as a low-risk, high-profit complement to drugs, bribery and kidnapping. The group even stamps the disks it produces with “FMM,” which stands for Familia Morelia Michoacana, right alongside the original brand of various software makers.

    The cartel distributes the software through thousands of kiosks, markets and stores in the region and demands that sales workers meet weekly quotas, this person says, describing the operation as a “form of extortion” on locals.

    The arrival of organized criminal syndicates to the software piracy scene has escalated worries at companies like Microsoft, Symantec and Adobe. Groups in China, South America and Eastern Europe appear to have supply chains and sales networks rivaling those of legitimate businesses, says David Finn, Microsoft’s anti-piracy chief. Sometimes they sell exact copies of products, but often peddle tainted software that opens the door to other electronic crime.

    ... on page 2 ...

    Microsoft’s tests of software on some popular sites have shown that 35 percent of the counterfeit software contained harmful code.
    Last edited by Sysman; 19 November 2010, 13:37. Reason: typo



  • DaveB
    started a topic Anatomy of a root kit

    Anatomy of a root kit

    The ZeroAccess root kit is one of the most notorious root kits in use today. Also known as Smiscer or Max++, Symantec estimates it has infected at least 250,000 PCs worldwide. Sold through criminal networks as a tool to install malicious payloads onto target systems, this version is being used to push fake anti-virus software that tries to con end users into paying $70 to remove "virus infections". Just a 10% response rate on 250,000 infections would be worth $1.75m. This is big business.

    What makes it so dangerous is its ability to hide itself, from the user, from anti-virus software and from forensic analysis. It's designed to be both undetectable and unremovable without causing serious damage to the host OS. It can even survive an OS partition deletion and re-installation.

    For the first time this root kit has been successfully reverse engineered and its internal operation understood.

    All the gory details can be found here


    Warning: Heavy technical content and lots and lots of assembly code.
