Monday, March 21, 2005
Spyware authors challenge BlackLight Posted by Mika @ 14:33 GMT

A spyware manufacturer released a version of their trojan that they market as "Hidden from by F-Secure BlackLight Rootkit Elimination Technology!". They use a known trick that may fool programs that scan for rootkits: the trojan identifies the BlackLight process and simply does not hide from it at all. Since BlackLight looks for objects that are hidden from it, a rootkit that shows itself to BlackLight alone leaves nothing for BlackLight to find.

But the good news is that there is an easy workaround. Just rename the fsbl.exe file to something that doesn't contain "fsbl" anywhere in its path. This is in fact a good thing to do with any rootkit scanner, so we suggest that those who try out the F-Secure BlackLight beta rename the binary to something random before running it.
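The renaming workaround is easy to automate. The following script is an added example written for this post, not F-Secure's own tool or code: it copies a scanner binary (assumed here to be `fsbl.exe`, the substring the trojan is said to look for) to a freshly created directory and a random file name, checks that the substring appears nowhere in the resulting path, and optionally runs the copy. The `selfcheck()` function builds a dummy `fsbl.exe` in a temporary directory so the logic can be exercised offline.

```python
import os
import secrets
import shutil
import subprocess
import tempfile
from typing import Optional, Sequence, Tuple

# Substring the trojan described in the post is said to match on (assumption:
# a case-insensitive match against the scanner's path).
DEFAULT_MARKER = "fsbl"


def path_is_clean(path: str, avoid: str = DEFAULT_MARKER) -> bool:
    """True if `avoid` appears nowhere in the absolute path (case-insensitive)."""
    return avoid.lower() not in os.path.abspath(path).lower()


def random_name(avoid: str, ext: str) -> str:
    """Random file name that does not contain `avoid`; keeps the extension."""
    while True:
        name = secrets.token_hex(6) + ext
        if avoid.lower() not in name.lower():
            return name


def make_clean_tempdir(avoid: str) -> str:
    """Create a temp directory whose full path avoids `avoid`."""
    while True:
        d = tempfile.mkdtemp(prefix="scan-")
        if path_is_clean(d, avoid):
            return d
        os.rmdir(d)  # astronomically unlikely, but keep the guarantee honest


def stage_renamed_copy(scanner_path: str, avoid: str = DEFAULT_MARKER,
                       dest_dir: Optional[str] = None) -> str:
    """Copy the scanner to a randomly named file whose whole path avoids `avoid`.

    Returns the path of the staged copy. Raises ValueError if the caller
    supplied a destination directory that itself contains the marker.
    """
    if dest_dir is None:
        dest_dir = make_clean_tempdir(avoid)
    elif not path_is_clean(dest_dir, avoid):
        raise ValueError(f"destination directory contains {avoid!r}: {dest_dir}")
    ext = os.path.splitext(scanner_path)[1]
    dest = os.path.join(dest_dir, random_name(avoid, ext))
    shutil.copy2(scanner_path, dest)
    return dest


def run_renamed(scanner_path: str, args: Sequence[str] = (),
                avoid: str = DEFAULT_MARKER) -> int:
    """Stage a renamed copy, run it, clean up, and return its exit code."""
    staged = stage_renamed_copy(scanner_path, avoid)
    try:
        return subprocess.run([staged, *args], check=False).returncode
    finally:
        os.remove(staged)
        os.rmdir(os.path.dirname(staged))


def selfcheck() -> Tuple[bool, bool, bool, bool]:
    """Offline check using a constructed dummy scanner file named fsbl.exe.

    Returns (original path is flagged, staged path is clean,
             staged file exists, contents preserved).
    """
    work = tempfile.mkdtemp()
    src = os.path.join(work, "fsbl.exe")          # constructed sample input
    with open(src, "wb") as f:
        f.write(b"MZ dummy scanner")
    staged = stage_renamed_copy(src)
    try:
        with open(staged, "rb") as f:
            same = f.read() == b"MZ dummy scanner"
        return (not path_is_clean(src),
                path_is_clean(staged),
                os.path.isfile(staged),
                same)
    finally:
        os.remove(staged)
        os.rmdir(os.path.dirname(staged))
        shutil.rmtree(work)


if __name__ == "__main__":
    print("selfcheck:", selfcheck())
```

Note that the copy is placed in a new directory as well as under a new name, because the post's advice is that "fsbl" must not occur anywhere in the path; a random file name inside a directory called `fsbl-beta` would still match.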

[Screenshot: zsbl_found]

Above: BlackLight beta (renamed to zsbl.exe) detecting the trojan in question

