Investigating Rootkit Capabilities in Bagle Variants: Stealthy Threat

Malicious hackers have fitted rootkit features into the newest mutants of the Bagle worm, adding a stealthy new danger to an already virulent threat. According to virus hunters at F-Secure, of Helsinki, Finland, the latest Bagle.GE variant loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners.

The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines.

The link for this article located at EWeek is no longer available.