Lost+Found: rootkit protection, Koobface, Windows 7, Gumblar
HookSafe is intended to make things difficult for rootkits by protecting kernel hooks from manipulation. It relocates the kernel hooks to a central memory space, which it then monitors. To ensure that it does not itself fall victim to a rootkit, HookSafe runs as a hypervisor, with the protected system running as a guest. Experiments at North Carolina State University found that HookSafe was able to protect against nine known rootkits.
According to Trend Micro, the authors of Koobface are using hacked Google Reader accounts to spread links to their malware. The infected pages are shared using the "Share" or "Share with note" functions.
Sophos has subjected Windows 7 to a virus test using 10 viruses and found that eight were able to run without triggering a UAC prompt. Q.E.D.: even Windows 7 needs anti-virus software. Who would have thought it?
Attacks by Gumblar, originally identified in May in connection with mass hacks of websites, appear to be on the rise again. ScanSafe and IBM's X-Force have observed increased activity at the websites in question. The attackers have also added new exploits to their arsenal. It is being reported that the latest Gumblar attacks are able to successfully manipulate WordPress installations.