Tuesday, March 22, 2005

The popular media does it again.

I received a link to an eWEEK article this morning, entitled "Hacking Tools Can Strengthen Security", by Cameron Sturdevant. This article makes reference to rootkits on Windows as "new"...and at this point I'm grimacing, mumbling, "Please, not another one..." under my breath.

Embedded in that article is a link to another eWEEK article by Mr. Sturdevant, entitled "Anatomy of a Root-kit Attack". The article makes several references to this "rootkit" before finally naming it..."SpartaDoor". Symantec has several references to "Sparta", including the .B and .C versions...yet none of the write-ups makes reference to any rootkit-like capabilities. Googling for this bit of malware (admittedly, by name...), I found references to it being a backdoor, an IRC bot, and even a RAT...but nothing I found gave any indication that this malware has rootkit capabilities. Now, I'll admit upfront that I don't read French, so something may have been written up in one of the pages I found that I missed.

So...the author is way off base here. Regardless of what he wants this malware to be, for whatever reason, it looks as if it isn't a rootkit at all. You've fallen victim to the recent media hysteria, Mr. S, and jumped squarely on the bandwagon.

One thing that is interesting though is, even given the fact that the second article is, at best, sparse WRT actual information, it does seem to support my previous post, about IT folks being unprepared and ill-equipped.
