¤§«eDr.Web¤j¸v«Å¶Ç¥L­Ì¯à°÷°»´ú¶Ç»¡¤¤ªºRootkit:"Rustock.C" .

³Ìªñ¦bSunbeltªºBlog¤W¤]¬Ý¨ì¤F¬ÛÃö¤ÀªR.6/10,ESET¤]¦bBlog¤¤µo¥¬¤F¸Ó«Â¯ÙªºÂ²µu¤ÀªR .

ESET»¡³o°¦«Â¯Ù³Q»¡¦¨¬O«ÜÃø³B²zªº¤@­Óµ{¦¡,¦ý¨Æ¹ê¤W¥¦©Ò¥Îªº§Þ³N¬Û·í´¶³q:
encryption
compression
imports rebuilding
relocations handling
anti-debug tricks

¨ä¤¤¥]§t¤F§Ú­Ì±`»¡ªº:¥[´ß©M¥[ªá,¨âºØ§K±þ§Þ³N(¸Ó«Â¯ÙÁÙ¦³¨Ï¥Î¥[±K§Þ³N) .

²q´úDr.Web¥i¯àÄÀ¥X(©Î¬O"°â¥X")¸Ó«Â¯Ùªº¼Ë¥»,§_«h¦b³o»òµuªº®É¶¡¤ºESET©MSunbelt¤£¤Ó¥i¯à¨ú±o .

¤£¹L¦bESETªº§ó·s²M³æ¤¤,´N¤w¸g§ó·s¹L50¦¸RustockªºÅܺØ,©Î³\¥u¬O³QDr.Web"ÁÁ¨¥"¤Æ¦Ó¤w .

ESET²µu¤ÀªR³ø§i,¥i°Ñ¦Ò:http://www.eset.com/threat-center/blog/?p=127

[ ¥»©«³Ì«á¥Ñ integear ©ó 2008-6-16 16:54 ½s¿è ]

Rustock.C ¡V Unpacking a Nested Doll
http://blog.threatexpert.com/200 ... ng-nested-doll.html

Sunday, May 18, 2008

°¸¥h§ì¤F¤@­ÓRustock.C BootKit ·P¬VNtdlrªºROOTKIT样¥».....
¤£ª¾¹D¬O¤£¬O¶Ç»¡¤¤ªºRootkit:"Rustock.C"

C:\Documents and Settings\Administrator\®à­±\111.rar > RAR > 111.sys - Win32/Rustock.NEW ¤ì°¨
¦n¹³¬O¨ä¤¤¤@ºØ§a!?

«e´X¤ÑÁÙ¦b¼Ë¥»°Ï¨£¨ì¤F³o­ÓKILLAV.IA

¤Þ¥Î:

­ì©«¥Ñ wsc47621 ©ó 2008-6-16 20:28 µoªí
C:\Documents and Settings\Administrator\®à­±\111.rar > RAR > 111.sys - Win32/Rustock.NEW ¤ì°¨
¦n¹³¬O¨ä¤¤¤@ºØ§a!?

ESET§ó·s"Rustock"ÅܺØ,³Ì·s¤@¦¸¬O¦b2945(20080313):"Win32/Rustock.NDV".²q´úÀ³¸Ó´N¬O³o°¦ .

F-Secure Client Security 7.10:

Virus.Win32.Rustock.a
C:\Users\USER\Desktop\111.rar\111.sys

Kaspersky Internet Security 7.0.1.325ª©
°»´ú
¯f¬r Virus.Win32.Rustock.a

¬Ý¨Ó¬ORustock.A°Ú¡A©MRustock.CÀ³¸Ó¦³¤£¦PÂI§a¡H
¾Ú»¡Rustock.C±qÄÀ¥X¨ì³Qµo²{¡A¸g¹L¤F¤@¦~¦h¡A¥i¯à¦³³\¦h¹q¸£¤¤ºj¤F¡C

¤W­±¼Ë¥»¤p¬õ³Ê°»´ú¡GTR/Rootkit.Gen

¤Þ¥Î:

­ì©«¥Ñ charles1394 ©ó 2008-7-4 09:28 µoªí
¬Ý¨Ó¬ORustock.A°Ú¡A©MRustock.CÀ³¸Ó¦³¤£¦PÂI§a¡H
¾Ú»¡Rustock.C±qÄÀ¥X¨ì³Qµo²{¡A¸g¹L¤F¤@¦~¦h¡A¥i¯à¦³³\¦h¹q¸£¤¤ºj¤F¡C

¤W­±¼Ë¥»¤p¬õ³Ê°»´ú¡GTR/Rootkit.Gen

®¦®¦,Dr.Web»¡¥¦¤w¸g¦bºô¸ô¤W¬y¶Ç«Ü¤[¤F,¦ý¬O¬°¦ó·|¬ðµM§ì¨ì,¤£ª¾¹D .

¥d8 434ª© ÂIªþ¥ó¤U¸ü´N³Q§ì¤F@