Jump to content
Tuts 4 You

A Journey to the Center of the Rustock.B Rootkit


About This File

On 27 December 2006 I found a sample of the Rustock.B Rootkit at www.offensivecomputing.net, which was only sparsely analyzed at this time. I was keen to study its behaviour, as I've heard a lot of stories about this infamous Rootkit. Rustock included several techniques to obfuscate the driver which could be stumbling blocks for the researcher. Analyzing the binary was quite fun. Recalling the work I've done over the last few days, it is clear that Rustock is quite different from most other Rootkits I've seen in the past. It is not much because Rustock uses new techniques, but rather because it combines dozens of known tricks from other malware which makes it very effective.


User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...