Rootkit blocks Sonar2 in NIS10

During today's malware test (in a virtual machine) I noticed that a rootkit infection put Sonar2 behavior detection out of function.

http://img179.imageshack.us/i/sonar20107.jpg/

 

In this picture you can see many detections, but after 9.20AM Sonar2 doesn't work and does not detect samples which had previously been detected.

After examining the system I found the problem: a rootkit. Combofix shows this infection in the next 2 pictures.

http://img38.imageshack.us/i/96061492.jpg/

 

http://img10.imageshack.us/i/13265798.jpg/

 

After cleaning this machine, Sonar2 works again at 10.15AM.

If you have problems with Sonar2, check your PC for an infection! ;)

Submit a sample of that at the Symantec page:

https://submit.symantec.com/websubmit/retail.cgi

This is certainly a serious threat that must be dealt with treadfully.


Rohit1gupta wrote:

Submit a sample of that at the Symantec page:

https://submit.symantec.com/websubmit/retail.cgi

This is certainly a serious threat that must be dealt with treadfully.


 

This is a well known rootkit that keeps evolving.

My impression was that Sonar2 is not adequately protected against rootkit attacks. NIS2010 itself worked well, but in such cases NIS2009 no longer worked and was blocked.

I would recommend that Symantec look for the problem between Tamper Protection and Sonar2.