
Uroburos rootkit undiscovered for three years

peterw

New Member
The rootkit named Uroburos enables its masters to take control of infected computers. The threat, which works on both 32-bit and 64-bit Windows systems, can execute arbitrary commands, hide system activities, steal files, and capture network traffic. It’s designed in a way that allows its creators to extend its functionality by adding new modules, and it is building its own p2p network.
The Uroburos driver is also highly sophisticated, being difficult to identify. This is demonstrated by the fact that the oldest driver was compiled in 2011. The attackers managed to conduct their operations for at least three years without being discovered.

It checks targets for the presence of Agent.btz and if it finds it, it does not activate itself.

G Data, the finder, has published a technical paper on Uroburos.

Nobody found this rootkit for three years. It is important to know that virus scanners only scan for known viruses and don't help with unknown threats.
 

blergh

New Member
Verified Provider
Interesting indeed. I read the paper but I wanted some more gory tech details instead of what was given. I'm pretty sure there's plenty of similar malware around seeing as the Internet is the new frontier.
 

wlanboy

Content Contributer
Yup - if someone has got enough resources, such a rootkit can be developed.

The Antivirus companies do not look that good if they can find such things only by accident.
 