Mpack installs ultra-invisible Srizbi Trojan
July 05, 2007 (Computerworld) -- The notorious Mpack hacker tool kit is installing malware that carries out all its chores -- including spewing spam -- from within the Windows kernel, making it extremely difficult for some security software to detect, Symantec Corp. said today.
The Trojan horse that Symantec has dubbed "Srizbi" is being dropped onto some PCs by the multi-exploit Mpack, a ready-to-use attack application that until recently has been selling for around $1,000. Responsibility for a large-scale attack launched from thousands of hijacked Web sites last month was pinned on Mpack, as was a follow-up campaign waged from compromised Internet porn sites.
Although Mpack can force-feed any malicious code to a commandeered PC, Symantec researchers said Srizbi stands out. Rather than follow the current practice of hiding only some activities with rootkit cloaking technologies, Srizbi goes completely undercover. The new Trojan, said Symantec, works without any user-mode payload and does everything from kernel mode, including its main task: sending spam.