Trojan Bot Exploits Windows Vulnerability, Drops Rootkit



Btv Raj
Contributing Writer
2006-09-15


A network-creeping Trojan is insidious by nature. What if it also uses a rootkit to evade detection?

Security experts at MicroWorld Technologies report that a Trojan bot is exploiting multiple Windows vulnerabilities to spread across networks, while using a rootkit component to hide its files and processes.

'Backdoor.Rbot.ayg' spreads via AOL Instant Messenger in its first stage of proliferation. Once it is installed in the system registry, the bot can move to other computers on the network by exploiting the recently found and patched Server Service vulnerability (MS06-040) and earlier flaws in Microsoft Windows such as MS03-049.

Last month, MicroWorld Technologies reported on 'IRCBot.st', which exploited MS06-040 to launch a zero-day attack on targeted computers. It had an identical spreading routine using AOL Messenger and was also capable of exploiting earlier flaws in Windows.

Backdoor.Rbot.ayg uses 'Win32.Rootkit.l' to hide its files and processes. It communicates with the remote attacker via IRC channels, accepting and executing commands. The bot can shut down and restart the computer, log on to websites and download malicious code, log off the current user, send files to the intruder, capture network user information and search disks for files.

"What's worrying with these sorts of malware samples is that they show increased hybridization in code and Multiple Layering in mode of attack," observes Manoj Mansukhani, Head-Technology and Marketing, MicroWorld Technologies.

"As you see, this is a Backdoor Trojan with network creeping abilities, which uses a Rootkit component to hide itself. For spreading, it employs dual channels of Instant Messenger and Vulnerability Exploitation while the Rootkit deposited in the computer can even be used by a future Trojan. All this points towards a lot of planning, improvisation and innovation that goes into creating and proliferating malware today"

MicroWorld Labs closely studies the evolution of various malware breeds, to develop and implement dynamic technologies that combat today's emerging threats in a comprehensive manner.

Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies, observes, "If you are serious about security, you just can't be complacent in patching vulnerabilities in Operating Systems or other applications. However, regardless of security flaws in OS or elsewhere, you must be able to rely on your AntiVirus software to protect your system from all kinds of malware types. And that will be possible only when the security software combines multiple technologies that are proactive and reactive in nature and always keeps a few steps ahead of Virus writers."

MicroWorld

MicroWorld Technologies (www.mwti.net) is the developer of the world's most advanced AntiVirus and Content Security software eScan for desktops and servers. Its gateway-level email security software, MailScan, is a comprehensive mail scanner for your SMTP/POP3 Mail Servers. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready and Novell Ready. On the Network Security side, MicroWorld offers a powerful, futuristic network firewall branded as eConceal. To learn more, kindly visit http://www.mwti.net.




About the Author:
Btv Raj is the Content Writer and Creative Visualizer, MicroWorld Technologies.
