From: Daniel Weatherly (Daniel.WeatherlyREMETTRA.COM)
Date: Wed Feb 16 2005 - 08:58:34 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am sure we have all had our rounds with spyware. I have even run up
against the type of spyware/tojan that hides itself from the system so
that it does not appear in any process list and it even hides from
explorer and anything that may use the FileSystemObject to access the
hard drive.

While doing some research for a friend whose server had crashed I ran up
on a couple of web sites that I thought everyone should see. Imagine
processes and applications running on your Windows machines that cannot
be detected by anti-virus and spyware applications. I have never seen
this type of discussion on bugtraq before and it may not be considered a
bug, but I feel that this topic needs some press time. It's VERY scarey.

http://weblogs.asp.net/robert_hensing/archive/2005/01/14/353156.aspx

http://www.rootkit.com <http://www.rootkit.com/> (I have not
downloaded, nor have I used any of the applications from this web site.)

-Daniel

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]