The Register® — Biting the hand that feeds IT

Rootkit unearthed in network security software

Hidden process developer linked to Sony USB fiasco

Researchers have unearthed rootkit-like functionality in an enterprise security product.

Network security software from a Chinese developer includes processes deliberately hidden from the user and, even worse, a hidden directory, Trend Micro reports. Files in the hidden directory could sit below the radar of antivirus scanners, potentially creating a stealthy hiding place that malware authors might seek to exploit.

Trend Micro has written to the software developers involved in what looks like a case of misguided software design, rather than anything worse. Pending a fix from software developers, Trend Micro has slapped a "hacking tool" warning on the rootkit-like component of the network security tool (called HKTL-BRUDEVIC).

It doesn't name the developers except to say they are the same firm which bundles rootkit-like software with USB storage devices featuring fingerprint authentication.

Sony got a further black eye from issues with its MicroVault USM-F fingerprint reader software last year, which emerged a little over two years after its thorough mauling for including rootkit functionality on its music CDs. The feature, designed to stop fans ripping music tracks, created a security hole exploited by a number of Trojans. ®

Latest Comments

Rootkit on the Buntu (Mike)

"it was built specifically (Ubuntu/Open Office) for a novice user and was assured to be 'invulnerable' from viruses (meaning malware), but oddly enough was turned into a spam relay that didn't have any mail relaying processes listed during a ps listing, nor anything in the startup, the files were invisible until you booted off a (in this case) USB Linux boot disk."

That my dear sir means there has been some incredibly sloppy sysadmining going on...

And it smells suspiciously like lame (at best, so-so) problem fixing, too.

Not that Linux (or any OS, for that matter) is immune to that kind of thing, but I wouldn't write "very vulnerable" either.


Linux (f)lameboys

Why is a rootkit called a rootkit?

Because it first appeared on UNIX style systems (the "root" part of rootkit..... geddit?).

Not only is Linux/UNIX very vulnerable to this sort of malware, it started there. As KarlTh hints at, the only sure-fire way of detecting one is to mount the hard drive on a system that wasn't booted from it.

I fixed a Linux PC about four months ago that got rooted. It was built specifically (Ubuntu/Open Office) for a novice user and was assured to be 'invulnerable' from viruses (meaning malware), but oddly enough was turned into a spam relay that didn't have any mail relaying processes listed during a ps listing, nor anything in the startup; the files were invisible until you booted off a (in this case) USB Linux boot disk.

There are thousands of pieces of malware (virus/trojan/worm) for Linux/UNIX. If it ever became popular for the home market, which it isn't, then it will be targeted more aggressively; more importantly, if a single flavour (Ubuntu?) became more popular (like OSX) then a common set of predictable interfaces (like Win32 has) would mean easier spread.

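The article describes a hidden directory whose files sit below the radar of scanners running on the host, and the comment above gives the classic countermeasure: mount the disk on a system that was not booted from it and compare what you see. The script below is an added illustration of that cross-view check and is not code from Trend Micro, The Register, or the commenters. It takes a SHA-256 inventory of a directory tree, then diffs an inventory taken through the (possibly hooked) live view against one taken from the trusted offline mount; paths the live view omits are reported as hidden, paths whose hashes differ as modified. The `demo()` function builds a constructed sample tree in a temporary directory and simulates the rootkit's hiding by withholding the `.hidden` directory from the live view; the file names and contents are invented for the example.

```python
"""Cross-view detection of hidden or altered files.

A rootkit that hides a directory from the running OS cannot hide it from
an inventory taken while the disk is mounted on a clean system.  Compare
the inventory produced by the live (possibly compromised) view with the
one produced by the trusted offline view and report the differences.
Added example for illustration; not code from the article or its subjects.
"""
import hashlib
import os
import tempfile


def inventory(root):
    """Return {relative_path: sha256_hex} for every regular file under root.

    Paths use '/' as separator so inventories from different hosts compare.
    Symlinks are skipped so a link cannot stand in for the real file.
    """
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest.hexdigest()
    return result


def cross_view(live, trusted):
    """Compare the live view against the trusted offline view.

    Returns a dict with three sorted lists:
      hidden   - paths present offline but missing from the live view
                 (what a directory-hiding rootkit produces)
      modified - paths present in both views whose content differs
                 (a trojaned binary such as a replaced 'ps')
      phantom  - paths the live view reports that are not on the disk
    """
    live_paths, trusted_paths = set(live), set(trusted)
    common = live_paths & trusted_paths
    return {
        "hidden": sorted(trusted_paths - live_paths),
        "modified": sorted(p for p in common if live[p] != trusted[p]),
        "phantom": sorted(live_paths - trusted_paths),
    }


def demo():
    """Build a constructed sample tree and run the cross-view check.

    The trusted view is taken with the whole tree visible (the offline
    mount).  The live view is then derived by withholding the '.hidden'
    directory, standing in for what a hooked directory listing returns on
    the infected host, and by altering the hash of bin/ps to model a
    trojaned binary.  All names and contents here are invented.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, ".hidden"))
        with open(os.path.join(root, "bin", "ps"), "wb") as fh:
            fh.write(b"original ps binary (constructed sample)")
        with open(os.path.join(root, ".hidden", "relay"), "wb") as fh:
            fh.write(b"mail relay payload (constructed sample)")
        trusted = inventory(root)
    # Simulated live view: the rootkit hides '.hidden' and ps is replaced.
    live = {p: h for p, h in trusted.items() if not p.startswith(".hidden/")}
    live["bin/ps"] = hashlib.sha256(b"trojaned ps (constructed)").hexdigest()
    return cross_view(live, trusted)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

In real use you would run `inventory()` once from the suspect host and once from the rescue boot with the same disk mounted read-only, save both as JSON, and feed them to `cross_view()`; anything in `hidden` is exactly the class of file the article says scanners on the live system cannot see.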

The Broodwich?

"BRUDEVIC" -> The Broodwich?

The alien... to honor the mooninites.

