Win32.Ntldrbot (Aka Rustock.C) No Longer A Myth, No Longer A Threat - New Dr Web Scanner Detects And Cures It For Real

Moscow, Russia (PressExposure) May 10, 2008 -- These days the world marked the 30th anniversary of spam which has already become a worldwide issue. Experts assess up to 90 per cent of our e-mail to be completely irrelevant and irritating. Win32.Ntldrbot is one of the reasons behind the booming activity of spammers.

The main task of Win32.Ntldrbot is infecting PCs, turning them into spamming bots in botnets. According to Secure Works, the botnet built by Rustock is the third largest and distributes around 30 billion spam messages daily.

Besides, the rootkit remained completely undetected. Supposedly, it has been doing so since October 2007: neither anti-virus companies, nor virus makers were able to obtain a sample of Rustock.C. Meanwhile, the rootkit turned out to be real.

Eighteen months passed before Win32.Ntldrbot has been found by analysts of Doctor Web, Ltd. at the beginning of 2008. Dr.Web virus monitoring service found about 600 samples of the rootkit but nobody knows how many are remaining. It took several weeks to unpack and analyze the rootkit and to improve the detection technology.

All this time the rootkit was in the wild compromising PCs and turning them into bots.

Assuming that the malware has been running free and completely invisible since October 2007, one could asses the resulting amount of infected traffic. Today no one can guarantee that your machine, too, is not infected. Probably it has become a bot and is sending out spam right now.

At present, no other anti-virus program, except for Dr.Web anti-virus can detect Rustock.C. Those who are not Dr.Web customers can download free Dr.Web CureIt! utility and scan the computer, to be on the safe side.

Once virus writers manage to obtain a sample of the rootkit, the flourishing of similar technologies and their implantation into viral programs will become a matter of time.

The attachment to the article contains more technical details about the rootkit.

About Doctor Web, Ltd

Doctor Web, Ltd. - a Russian company developing and distributing Dr.Web® Anti-virus solutions.

Our customers can be found among home users from all regions of the world and in large enterprises, small companies and nationwide corporations. We thank all of them for support and long-term devotion to our product. State certificates and awards received by the Dr.Web Anti-virus, as well as the geography of our users are the best evidence of exceptional trust to the products created by the talented Russian programmers.

Lucia Gourtovaya
International Sales Director
Doctor Web, Ltd.
Mail to:

Press Release Source:,_Ltd.html

Press Release Submitted On: May 06, 2008 at 4:43 am
This article has been viewed 5317 time(s).