> Nothing new about rootkits. They aren't big news
> because they are old news.
> Although depressing, this is definitely possible.

Old news, yes... but to some, not everyone. Taking users (home, corporate, academic, etc.) out of it, sysadmins and LEOs are still way behind when it comes to understanding rootkits. Certain privileges are required for the installation of user-mode rootkits, and in the absence of those privs, the rootkits have been shown to *not* install. For some level of detail about this, check out "Windows Forensics and Incident Recovery" (http://www.windows-ir.com).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html