Rootkit malware has double sting in its tail
By Robert Jaques, 31 August 2006
Security experts have warned of newly intercepted malware which loads a rootkit onto compromised PCs. The rootkit blocks search engines by changing local DNS settings, and installs additional malicious code.
According to Panda Software, the Zcodec malware is included in a program that purports to install codecs needed to play some multimedia formats.
When unwitting users are about to install this application, a user licence window is displayed. However, no codec is installed.
The program does not wait for users to accept or reject the licence agreement, as Zcodec is installed on the computer when they click on the downloaded file.
Once downloaded, a rootkit is installed. Rootkits are a program designed to hide processes, files or registry entries.
Zcodec installs two executable files. The first modifies the DNS settings so that when a user clicks on results from search engines a different page is displayed.
This tactic is exploited by the program's creators to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
Additional malware executables vary. In some cases it installs the Ruins.MB Trojan designed to download other malicious programs onto the system.
On other occasions the file continually launches a casino application, asking for the user's permission for installation.
However, even if the user rejects installation of the program, an icon is created on the Windows desktop which will prompt installation when clicked.
"The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings," said Patrick Hinojosa, chief technology officer at Panda Software USA.
"The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the internet, it is vital to make sure that your system is protected.
"To protect against this type of malicious program, it is also essential to check the source of any files downloaded onto the system as well as to pay close attention to the licence agreements when installing programs."
Copyright © 2006 vnunet.com
By Robert Jaques, 31 August 2006
Security experts have warned of newly intercepted malware which loads a rootkit onto compromised PCs. The rootkit blocks search engines by changing local DNS settings, and installs additional malicious code.
According to Panda Software, the Zcodec malware is included in a program that purports to install codecs needed to play some multimedia formats.
When unwitting users are about to install this application, a user licence window is displayed. However, no codec is installed.
The program does not wait for users to accept or reject the licence agreement, as Zcodec is installed on the computer when they click on the downloaded file.
Once downloaded, a rootkit is installed. Rootkits are a program designed to hide processes, files or registry entries.
Zcodec installs two executable files. The first modifies the DNS settings so that when a user clicks on results from search engines a different page is displayed.
This tactic is exploited by the program's creators to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
Additional malware executables vary. In some cases it installs the Ruins.MB Trojan designed to download other malicious programs onto the system.
On other occasions the file continually launches a casino application, asking for the user's permission for installation.
However, even if the user rejects installation of the program, an icon is created on the Windows desktop which will prompt installation when clicked.
"The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings," said Patrick Hinojosa, chief technology officer at Panda Software USA.
"The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the internet, it is vital to make sure that your system is protected.
"To protect against this type of malicious program, it is also essential to check the source of any files downloaded onto the system as well as to pay close attention to the licence agreements when installing programs."
Copyright © 2006 vnunet.com
