The makers of one common spyware program are borrowing techniques from another type of malicious program, known as “rootkits,” to help evade detection on systems they infect, spyware experts say.

Recent versions of the Cool Web Search spyware have rootkit-like features that allow the spyware authors to hide their program files on Windows systems. The new spyware variants are a sign of the increasing sophistication of malicious code authors, and of spyware makers, according to Roger Thompson, director of malicious content research at Computer Associates International Inc.

Rootkits are programs that give remote attackers administrative access to compromised machines. Using a rootkit, an attacker can peruse a compromised machine's hard drive, set up or change user accounts, add, delete, or modify files, and communicate with other machines on a network or the Internet. The programs often lurk in the background and are difficult to detect, even when they are known to be installed on a system.

Thompson said that new variants of the Cool Web Search spyware, detected in recent weeks, can hide configuration settings in the Windows registry and disguise their presence by hiding rootkit files in alternate data streams.

“It makes a lot of sense for spyware, because with spyware you're trying to hide, versus trying to spread,” Thompson said.

CA has retrieved samples of Cool Web Search from the Internet with the rootkit features built in, but says the features are not as sophisticated as those found in so-called kernel rootkits, which replace parts of Windows core processor with their own code, allowing the rootkit to be almost completely invisible to users and to many detection tools, Thompson said.

David Moll, CEO of anti-spyware software vendor Webroot Software Inc., said researchers at his company have also seen rootkit features appearing in spyware applications like Cool Web Search.

“The stuff I've seen is probably homegrown, but most of this stuff is open source, so it's easy to borrow a bit from here and a bit from there,” he said.

Cool Web Search is a ubiquitous piece of malicious code that is the most prevalent breed of spyware on the Internet, according to Webroot. The software is typically installed on victims' computers from malicious Web pages or e-mail messages that exploit Web browser vulnerabilities or use “social engineering” tricks to get users to agree to install the code. Once on a system, Cool Web Search hijacks Web browsers, redirecting users to Cool Web Search member sites. The program may also come bundled with reams of other adware and spyware programs, experts say.

Not much is known about the parties behind Cool Web Search, though they are widely believed to be based in Russia or Eastern Europe.

Virus writers have also latched on to rootkit programs to help disguise their creations in recent months. New versions of Rbot, a malicious “back door,” or remote control, program, have features taken from FU, a well-known open-source rootkit, F-Secure Corp. said in May.
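
A defender can check for the alternate-data-stream hiding described above by enumerating every non-default stream on an NTFS volume. The following PowerShell is an added example, not code from the article or the vendors it quotes; the function name `Find-AlternateDataStream` and the scanned path are assumptions.

```powershell
# Added example: list NTFS alternate data streams (ADS) under a directory.
# Needs PowerShell 3.0+ and an NTFS volume. Only files are scanned here;
# streams attached to directories are not covered.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the benign "downloaded from the Internet" marker.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )

    # -Encoding Byte (Windows PowerShell) became -AsByteStream in PowerShell 6+.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) {
        @{ AsByteStream = $true }
    } else {
        @{ Encoding = 'Byte' }
    }

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the unnamed default stream that holds normal file content.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
                ForEach-Object {
                    # Read two bytes to spot a PE image ("MZ") stored in the stream.
                    $head = Get-Content -LiteralPath $file -Stream $_.Stream `
                        -TotalCount 2 @byteArgs -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        File        = $file
                        Stream      = $_.Stream
                        Length      = $_.Length
                        LooksLikePE = ($head.Count -eq 2 -and
                                       $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Example path only; point it at the directory tree you want to review.
Find-AlternateDataStream -Path 'C:\Windows\System32' |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

A rootkit that filters file-system calls can hide streams from a scan run on the live system, so treat an empty result from a suspect machine as inconclusive and repeat the scan with the volume mounted from a trusted environment.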