Categories: General
      Date: Dec 17, 2010
     Title: New Adware-Loading Rootkit Identified

Security researchers at BitDefender say they have identified a new rootkit that loads numerous adware programs onto infected PCs. The malware, identified as Rootkit.Woor.A, installs itself as a randomly named service that also operates as a system driver, which lets it run with kernel privileges.

The rootkit also replaces the content of the genuine explorer.exe, so that its own version of explorer.exe is launched when the system boots. At boot, the malicious explorer.exe checks that it is running correctly and that the registry keys it needs are present.

It then launches the legitimate Windows Explorer from the system's dllcache, so the user sees the system behaving as usual.

Rootkit.Woor.A also interferes with anti-virus software and other tools that monitor the system, preventing them from running.

According to BitDefender, the rootkit arranges for these applications to be started under the debugger ntsd.exe -d whenever they are launched. The -d option directs all debugger output to the kernel debugger. Because the affected system has neither an ntsd binary nor an attached kernel debugger, the chosen executable never runs.
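A defender-side check for the debugger-redirection trick described above, added here as an example and not code from BitDefender or from the rootkit analysis: it parses an export of the Image File Execution Options registry key (a well-known Windows mechanism the article does not name, assumed here to be how the described redirection is set up) and flags every program image whose Debugger value points at ntsd with -d, the combination that would stop that program from ever starting. The registry export text and the image names in it are constructed for illustration.

```python
import os

# Assumption (well-known Windows behaviour, not stated on the page): a
# "Debugger" value in a per-image subkey under this key makes Windows start
# the named debugger instead of the program whenever that image is launched.
IFEO_MARKER = "Image File Execution Options\\"

# Constructed sample: a .reg-style export of the IFEO key. Image names and
# values are made up for illustration, not taken from a real infection.
SAMPLE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscanner.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysmonitor.exe]
"Debugger"="C:\\Windows\\system32\\NTSD.EXE -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devapp.exe]
"Debugger"="C:\\Tools\\windbg.exe -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
"""


def parse_ifeo_export(reg_text):
    """Parse a .reg export into {image_name: {value_name: value}} for the
    per-image subkeys directly under Image File Execution Options."""
    entries = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(IFEO_MARKER.lower())
            current = None
            if pos != -1:
                subkey = key[pos + len(IFEO_MARKER):]
                # Only direct image entries; nested keys (e.g. PerfOptions) are skipped.
                if subkey and "\\" not in subkey:
                    current = subkey.lower()
                    entries.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            name, sep, value = line.partition("=")
            if not sep:
                continue
            name = name.strip().strip('"')
            value = value.strip()
            if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
                # REG_SZ: undo the .reg escaping of backslashes and quotes.
                value = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            entries[current][name] = value
    return entries


def split_command(command):
    """Split a Debugger value into (executable, [arguments]): a quoted path
    first, otherwise everything up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command.strip('"'), []
        return command[1:end], command[end + 1:].split()
    head, _, tail = command.partition(" ")
    return head, tail.split()


def is_ntsd_kernel_redirect(command):
    """True when the debugger is ntsd with -d, i.e. output is sent to a kernel
    debugger. With no ntsd binary and no kernel debugger attached, the target
    program never starts, which is the effect described in the article."""
    exe, args = split_command(command)
    base = os.path.basename(exe.replace("\\", "/")).lower()
    return base in ("ntsd", "ntsd.exe") and "-d" in (a.lower() for a in args)


def find_ifeo_debuggers(reg_text):
    """One finding per image that has a Debugger value, noting whether the
    setting would block the program from ever launching."""
    findings = []
    for image, values in parse_ifeo_export(reg_text).items():
        debugger = values.get("Debugger")
        if debugger is None:
            continue
        findings.append({
            "image": image,
            "debugger": debugger,
            "blocks_launch": is_ntsd_kernel_redirect(debugger),
        })
    return findings


if __name__ == "__main__":
    for finding in find_ifeo_debuggers(SAMPLE_REG_EXPORT):
        status = "BLOCKED (ntsd -d)" if finding["blocks_launch"] else "review"
        print(f"{finding['image']:<16} Debugger={finding['debugger']!r:<42} {status}")
```

On a live system, feed the script the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (open the file with encoding `utf-16`, which is what reg export writes). Any Debugger value attached to a security product's image name deserves investigation even when it is not ntsd -d; the script therefore reports every such entry and only marks the ntsd -d form as launch-blocking.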

Commenting on the final objective of Rootkit.Woor.A, namely installing adware or other software, BitDefender's researchers noted that adware has become a large business yielding substantial revenue. As a result, such software has degenerated from utilities that offered a meaningful opt-out and uninstall into installers that act automatically, without notifying the user.

Worryingly, attacks of this kind are behind the unusual rise in malware observed during Q3 2010. According to McAfee's Q3 (July-September) 2010 report, the daily rate of new malware is at its peak, with an average of 60,000 fresh samples detected per day, nearly four times the 2007 figure.

Security specialists therefore recommend that users stay vigilant while online so that they can avoid such Internet threats.