Rustock, also known as “Spambot”, is a family of backdoor programs with advanced user-mode and kernel-mode rootkit capabilities. Rustock has been in continuous development since around November 2005. It is a tough threat to combat because it combines multiple evasion techniques to remain undetected by commonly used rootkit detectors, such as Rootkit Revealer, IceSword, and BlackLight.
For a “deep dive” into how Rustock works and why it is currently able to defeat so many security vendors, visit Symantec’s Handling Today’s Tough Security Threats Web site. Once on the site, look for the Rustock High Level Overview and Rustock Technical Overview Webcasts and click their links to listen to them.