The TDSS rootkit burst on the scene in 2008 and quickly earned the begrudging respect of security experts for its long list of highly advanced features. It is virtually undetectable by antivirus software, and its use of low-level instructions makes it extremely hard for researchers to conduct reconnaissance on it. A built-in encryption scheme prevents network monitoring tools from intercepting communications sent between control servers and infected machines. The amount of talent that it takes to make this does not come cheap. That talent used to gravitate to the security defenders - to little startups like the ones I used to haunt. There's no money there now.
But there's a boatload of money in the malware business. Thank you
Seems to me that Paul Sarbanes is a Democrat from Maryland and the law passed with overwhelming votes from BOTH parties in both the House and Senate with nary any dissent. Your partisan jab doesn't work here.
coyoteken,
We're used to the Democrats implementing huge, unwieldy, top-down Stalinist power grabbing programs. It's what they do.
My point is that the Republicans show no little appetite for the same. The Department of Homeland Security is another example, as is the TSA - both of which flourished under George W. Bush and a Republican Congress.
Not good news... Not at all.
TDSS, yep that was a fun one...
There are tools out there from Kaspersky and Sophos that will get 'er done.
Sarbanes Oxley has another side effect. Thousands of high tech workers have to spend time every year getting trained in it, draining productivity from their companies.
On my best day, I couldn't influence our stock price as much as one slip of the lip from our CEO or board member could, if overheard out on the golf course. Yet I have to spend a half hour to an hour every year getting trained.
"An undetectable, indestructible rootkit:"
Neither-nor, Borepatch. Damn difficult to do both if you're just an average user ... but a power user can do it, and it's not even all that hard. As noted above, Kaspersky and Sophos can detect and clean it. The other vital aspect of removal is boot from a liveCD version of Windows. That way the rootkit never loads and its cloaking code is never activated.
Ok, so like, go over the whole thing about making a LiveCD boot-version of Windows-7 for us knuckledraggers, so I can do that at home?
A Kaspersky or Sophos boot disk loads and runs on Linux. If you need to go in and do manual surgery, I recommend Linux Ubuntu 11.04 live.
I'm not a real doctor, but I've played one on TV.
SOX just plain...SUX.
The problem with it is that it was no more than *feel good* legislation, designed as Kabuki Theater for Wall Street, much as TSA and Nudie Scanners are Kabuki for the flying public.
What good are audits and controls over the *codebase*, when a CEO or CFO that wants to steal can go to LegalZoom, create a shill corporation for under $900, and cut checks to these shill entities, cash the checks, and pocket craptons of money.
All without touching ONE SINGLE LINE of code...
Complete waste of time and money is SOX....