RE: Microsoft: Rootkits and Blaster

["Marius Gheorghescu" <mariusg () microsoft com>]

Yes, it seems odd/off to a lot of people, even to AV researchers. But to
my knowledge the figures given by Jason are very real. I probably would
have used a different term instead of "stealth rookits"... maybe
"stealth malware and rookits" - anyway, 20% of ITW malware are not
average worms. It's so surprising how many AV companies cannot see
rootkits while they are active but they will see them in files ;-)))),
It's understandable why some people look at these figures with
disbelief, it's hard to gather such numbers. 

> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On
> Behalf Of Hubbard, Dan
> Sent: Tuesday, December 06, 2005 8:41 AM
> To: Fergie; funsec () linuxbox org
> Subject: RE: [funsec] Microsoft: Rootkits and Blaster
>
> Hmm, this stat seem way off to me. Either that or a) they don't have
> detection / removal for mass mailing worms and BOT's or b) the
> definition of "rootkit" is very broad.
>
>
>
>
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
> On Behalf Of Fergie
> Sent: Tuesday, December 06, 2005 8:21 AM
> To: funsec () linuxbox org
> Subject: [funsec] Microsoft: Rootkits and Blaster
>
> Here are a couple of interesting snippets, both via eWeek.
>
> First: "Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes"
>
> [snip]
>
> More than 20 percent of all malware removed from Windows XP SP2
(Service
> Pack 2) systems are stealth rootkits, according to senior official in
> Microsoft Corp.'s security unit.
>
> Jason Garms, architect and group program manager in Microsoft's
> Anti-Malware Technology Team, said the open-source FU rootkit ranks
high
> on the list of malicious software programs deleted by the free Windows
> worm zapping utility.
>
> [snip]
>
> http://www.eweek.com/article2/0,1759,1896605,00.asp
>
> And: "Two Years Later, Blaster Worm Still Squirming"
>
> [snip]
>
> More than two years after Blaster turned the summer of 2003 into an IT
> administrator's worst nightmare, the worm is still very much alive and
> there are fears within Microsoft that thousands of Windows machines
will
> never be completely dewormed.
>
> According to statistics culled from Microsoft's Windows malicious
> software removal tool, between 500 and 800 copies of Blaster are
removed
> from Windows machines per day.
>
> [snip]
>
> http://www.eweek.com/article2/0,1759,1896373,00.asp
>
> Who'd a thunk?  :-)
>
> - ferg
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet  fergdawg () netzero net or
> fergdawg () sbcglobal net  ferg's tech blog:
http://fergdawg.blogspot.com/
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.