
SANS ISC: Stopping the ZeroAccess Rootkit - SANS Internet Storm Center SANS ISC InfoSec Forums


Stopping the ZeroAccess Rootkit

Jack at the Infosec Institute sent a note announcing research that had been done on the ZeroAccess Rootkit.

He states: "One of our InfoSec Resources Authors defeated all of the anti-debugging and anti-forensics features of ZeroAccess and traced the source of this crimeware rootkit."

The full article can be found on their website.

How widespread are rootkits in your environment?

Are you having a problem with rootkits right now or have you had a problem with them in the past?

Write in and share your experiences including any practical tips on recovery in a corporate environment.
 

Christopher Carboni - Handler On Duty

OK, from a Google search for "detect zeroaccess rootkit", this site, Anti-Malware-Site.com, looked interesting, with an April 2010 review of rootkit detection software. Does anyone know about this site? Looks good, but I'm skeptical.
Anonymous
