Another real nasty!

Not open for further replies.
May 27, 2002
Canberra ACT Australia
Rootkit malware has double sting in its tail
By Robert Jaques, 31 August 2006

Security experts have warned of newly intercepted malware which loads a rootkit onto compromised PCs. The rootkit blocks search engines by changing local DNS settings, and installs additional malicious code.

According to Panda Software, the Zcodec malware is included in a program that purports to install codecs needed to play some multimedia formats.

When unwitting users are about to install this application, a user licence window is displayed. However, no codec is installed.
The program does not wait for users to accept or reject the licence agreement, as Zcodec is installed on the computer when they click on the downloaded file.

Once downloaded, a rootkit is installed. Rootkits are a program designed to hide processes, files or registry entries.

Zcodec installs two executable files. The first modifies the DNS settings so that when a user clicks on results from search engines a different page is displayed.

This tactic is exploited by the program's creators to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.

Additional malware executables vary. In some cases it installs the Ruins.MB Trojan designed to download other malicious programs onto the system.

On other occasions the file continually launches a casino application, asking for the user's permission for installation.

However, even if the user rejects installation of the program, an icon is created on the Windows desktop which will prompt installation when clicked.

"The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings," said Patrick Hinojosa, chief technology officer at Panda Software USA.

"The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the internet, it is vital to make sure that your system is protected.

"To protect against this type of malicious program, it is also essential to check the source of any files downloaded onto the system as well as to pay close attention to the licence agreements when installing programs."

Copyright © 2006
Yeah, this is the hot new thing. The rootkit jumps in through a crack and then lets its "buddies" in later.

It's getting very sophisticated. Some of this scumware will attack installation of the more effective antispyware scanners (these misfits keep track of that fact, too) and will eliminate competing scumware.

I was happy to learn that some recent scumware tries to attack my current ASW, Superantispyware - a booming seal of approval as far as I'm concerned.

But it's hard to believe . . . using one scumware to remove another one.
I just put my first Linux box into production. It's nice to go back to the Linux/Unix evironment given its incredible flexibility and harder security (assumming the admin doesn't do stupid things like a root password of "abc123", etc...)

Yeah, root kits started with the Unix world, but they've proliferated in the world of Windows and IE integrated together. I can only imagine how many credit cards #'s, SS#'s, etc are in the hands of those who plan to do harm to unknowing victims.

I wonder if Microsoft will ever get sued because of this. Heck, people sue gun manufacturers when a killing happens, why not sue the Microsoft as they are the reason the identity theft happened? Seems logical from a money-hungry, ticked-off citizen's point of view.
Not open for further replies.