Mark Russinovich of Sysinternals and the F-Secure Blacklight team have been credited by the security vendor Symantec for helping the company address a rootkit-like technology found in the Norton SystemWorks software.
On Thursday, Symantec released a security advisory prompting users of the Norton SystemWorks software to update to the latest version in order to patch a security issue related to the Norton Protected Recycle Bin feature.
Norton SystemWorks contains a feature called the Norton Protected Recycle Bin, which resides within the Microsoft Windows Recycler directory. The Norton Protected Recycle Bin includes a directory called NProtect, which is hidden from Windows APIs. Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer.
The technology aims to help the user recover files without running the risk of accidentally deleting them.
"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," the advisory continued.
Symantec said that it is not aware of any attempts by hackers or worm authors to exploit the feature.
Symantec credited security vendor F-Secure and software developer Mark Russinovich with finding the vulnerability. Russinovich had disclosed last November that Sony BMG had been deploying rootkit technology as part of its XCP anti-piracy technology for its audio CDs. In this case the rootkit aimed to hide the software from the user, preventing it from being uninstalled.
Although someone might claim that Symantec's and Sony BMG's "rootkits" act in the same basic manner by hiding software from Windows APIs, Sony BMG's rootkit did more than just hide files, as it was designed to provide an attacker with a backdoor into a hacked computer system.
After all, unlike Sony's rootkit, Symantec's rootkit can be turned on or off and it can easily be uninstalled by the user through the Norton SystemWorks software.