
According to virus hunters at F-Secure, of Helsinki, Finland, the latest Bagle.GE variant loads a kernel-mode driver to hide its own processes and registry keys, and those of other Bagle-related malware, from security scanners.
The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines.
Rootkits are typically used by attackers to open a backdoor into Windows systems, collect information on other systems on the network and mask the fact that the system is compromised.
In the case of the Bagle.GE rootkit, F-Secure researcher Jarkko Turkulainen said the rootkit successfully hides processes, files and directories, and registry keys and values, and contains code that prevents certain security-related processes and kernel-mode modules from running.
It also contains commands to disable security software and delete security-related files whenever they are opened.
F-Secure also found evidence of a rootkit in Gurong.A, a new worm that is based on the Mydoom code.
Both Mydoom and Bagle are considered "heavy hitters" in the world of malware research.