Malware Evolving In Nastiness



David Utter
Staff Writer
2007-05-07

Social engineering and deeper hooks for rootkits are the focal areas for new malware spotted by a couple of security companies.

The more things change, the more they stay the same, so the saying goes. It's just as true in computer security as it is in anything these days.

Symantec found one Trojan, called Trojan.Kardphisher, that fakes a Microsoft Windows XP activation request. After being installed, the Trojan launches on system boot and displays a message about 'Microsoft piracy control.'

"We will ask you for billing details, but your credit card will NOT be charged," reads one line of the faux Microsoft request. The user can proceed or opt to do the activation later, in which case the Trojan reboots the system and displays the request again.

Choosing to go ahead with the fake activation brings up a screen asking for credit card details. It also asks for the ATM PIN associated with the card, as well as the card verification code printed on the back. Submitting this information sends it to the criminals behind the scam.

"The Trojan is not very technical - it's really just another classic social-engineering attack," wrote Symantec researcher Takashi Katsuki in the post describing the attack. "What makes it interesting is that the author has obviously taken great pains to make it appear legitimate."

At McAfee, researchers found a worm they have identified as W32/Almanahe.a. This charming little piece of malevolence has an interesting approach to hiding the rootkit it places on systems.

Detailed information, complete with screenshots, is available on McAfee's blog, linked above. In short, the rootkit hides in a way that leads common rootkit detection tools to misidentify the hooking component lodged within the compromised system.

"The detour approach implemented by W32/Almanahe is neither ground breaking, nor a novel idea, but it is the first instance of use in the wild," McAfee's researchers wrote. "This is yet another testimony to the fact that rootkits in the wild are adopting new techniques to conceal their nefarious code and seep deeper into the kernel."

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.