1 December 2008
A blast from the past: a rootkit for hiding authentication software, first discovered on Sony USB sticks in 2007, has reappeared, this time in Enterprise Information Security software. According to Trend Micro's malware specialists, the rootkit appears to be part of an Enterprise Information Security (EIS) system. Companies use EIS software to monitor whether their policies and processes are being followed.
According to the description, the rootkit, SCS11HLP.SYS, anchors itself in the system as a driver and hooks certain APIs by manipulating their code at runtime. It then hides processes belonging to the EIS software and conceals a log directory (C:\XLog), which, as a result, can no longer be viewed even through Process Explorer. Trend Micro reports that hiding a folder is not malicious in itself, but it gives potential attackers a way to hide malware from virus scanners. Three years ago there was a public outcry when the Sony rootkit, designed to hide copy protection software, was discovered on music CDs.