TrustDefender highlights danger of updated Torpig rootkit and variants

Alex Zaharov-Reutt
Tuesday, 13 January 2009 20:22

Your IT - Home IT

However as TrustDefender notes, they’re not meaning to single out NIS 2009, as the problem will affect most, if not all of the AV and Internet security programs out there.

Harking back to an earlier TrustDefender blog posting on the Trojan Vundo, I tried to clean an XP computer that was infected by Vundo. NIS 2009 wiped the trojan, but after rebooting it came back.

In the end I needed to reinstall a new version of Windows – in this case the Windows 7 beta – to fix the problem. I could have re-loaded XP, but with the new Win 7 beta officially available it was a good opportunity to get this friend onto the latest and greatest – and get NIS 2009 onto their computer afresh to prevent Vundo from coming back and re-infecting their computer.

I note that TrustDefender’s blog was also picked up by the TechRepublic website, with blogger Michael Kassner explaining the issues he had in combating the Torpig/Mebroot/Sinowal rootkit.

He did the same thing I did in the Vundo case: he reformatted the computer and re-installed Windows.

But the main issue is that the average computer user will have no idea what to look for or how to protect themselves which is rather worrying as there are millions out there in this circumstance.

Kassner said: “I also have heard good things about TrustDefender Labs and their applications being able to nullify Sinowal. Other than that, there’s little available to defend against MBR rootkits such as Sinowal. Not wanting to take a chance, I ended up reformatting and reloading the operating system on my friend’s computer.”

TrustDefender’s blog has all the details on their Torpig discoveries, along with screenshots and a short video clip showing what is says is the following: “We have put together a little screen capture movie that demonstrates how Mebroot/Sinowal successfully infects a customer’s PC even with Norton 2009 installed and how TrustDefender protects this use for a Bank of America session.”

The link to the video is at the TrustDefender Blog entry (scroll towards the end of the blog post), and if Symantec or Microsoft haven't already seen it, it should be on their must-see Internet TV schedule.

The same goes for other Internet security companies – and Microsoft, too, for having an operating system that doesn’t protect against the rootkit threat.

End-users, governments, businesses, financial institutions – everyone can potentially be affected. Well, except TrustDefender users.

Now, Symantec has been on a buying spree lately, which makes me wonder why Symantec or even Microsoft itself hasn’t snapped up TrustDefender to immediately implement its technology into its consumer NIS 2009, Norton 360 and corporate security products – or in Microsoft’s case, into its various versions of Windows - including the new Windows 7.

However TrustDefender says that its goal is to be independent of the AV companies and browsers while complimenting the security initiatives of those technologies.

TrustDefender says that the infected machine seen in the video clip will be left running, and they’ll update us all at their blog on how soon the AntiVirus companies “will pick it up once they update their patterns. It will be quite interesting as there is no process running or anything… Let’s see.”

So, if you’re a Windows user, and a switch to Mac OS X or Linux isn’t on the cards for whatever reason, there is a protective solution beyond your existing Internet Security software.

It’s called TrustDefender, and for now, it’s the only security software out there that will protect your financial transactions from rootkits, malware and Internet criminals, even if your computer is infected with already known or brand new, unknown crimeware.

It’s a startling claim and TrustDefender’s site explains how they do it. The software costs money to buy, but isn’t expensive, and comes with a 21 day trial if you want to try it out for yourself.

On a personal level I use TrustDefender and NIS 2009 working together. TrustDefender works with any Internet Security package seamlessly, and it’s browser independent too. I’m running it all on the official Windows 7 beta 1 as well, so even on Microsoft’s latest OS, I’m protected.

Thank goodness for that!