Rootkit Torpig Described as Most Dangerous Malware
According to security firm TrustDefender, a fresh wave of the old and notorious rootkit Torpig, also known as Mebroot and Sinowal, has been observed. This rootkit is among the nastiest malware in the world; its sole purpose is to steal people's identities and money.
Users of Linux and Mac OS X are safe, says the firm, but billions of Windows users could be affected if they run no protective software or do not keep it updated.
According to TrustDefender, the rootkit takes hold of the computer even before the operating system (OS) boots. The malware also shows that its creators could attack other OSs if they wished; currently, however, the rootkit's designers are clearly targeting Windows systems.
Furthermore, the firm describes how an advanced version of Torpig works. First, according to the experts, the variant spreads via drive-by download. It then performs a geographic IP check so that infection can be restricted to intended targets. Specific geographic regions can be singled out this way, although home users are targeted too, which makes the malware harder for security officials to deal with.
Secondly, once on the system, the rootkit lies dormant for a period of time. The TrustDefender researchers state that they had to wait about six minutes before it modified the Master Boot Record (MBR). This delay is clearly meant to fool security researchers and malware detection tools, which see no activity beyond the loader being run. Torpig then executes after the next restart.
The researchers said that the rootkit remains utterly invisible because it loads no visible malicious component when it executes automatically. An infected PC with Norton 2009 installed would never spot anything, even if a full scan is run on that system.
The malware has been in circulation for nearly 3 years, and its continued existence shows its tenacity. Traditional AV firms, which are finding it hard to help infected Windows users, recommend that they use up-to-date security software.
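Because the described change lands in the MBR and is hidden from scanners running inside the infected OS, one defender-side check is to hash the MBR boot-code region against a baseline captured from a known-clean boot and compare the two offline (for example from clean boot media). The following is an added example, not TrustDefender's or SPAMfighter's code; the 512-byte sectors it compares are constructed for demonstration, not real disk images.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439: bootstrap code, the region an MBR rootkit overwrites
DISK_SIG_END = 444        # bytes 440..443: Windows disk signature, may change legitimately
PART_TABLE_START = 446    # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into its MBR fields; reject malformed input."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "boot_code": sector[:BOOT_CODE_END],
        "disk_sig": sector[BOOT_CODE_END:DISK_SIG_END],
        "partitions": [sector[PART_TABLE_START + 16 * i:PART_TABLE_START + 16 * (i + 1)]
                       for i in range(4)],
    }


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the boot-code region only, so a legitimate repartition does not alert."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def compare_mbr(baseline: bytes, current: bytes) -> dict:
    """Report which MBR regions differ from a baseline taken from a known-clean boot."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code_changed": old["boot_code"] != new["boot_code"],
        "disk_sig_changed": old["disk_sig"] != new["disk_sig"],
        "partition_table_changed": old["partitions"] != new["partitions"],
    }


def make_sample_mbr(boot_code: bytes, first_partition: bytes) -> bytes:
    """Build a constructed 512-byte MBR for demonstration (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[BOOT_CODE_END:DISK_SIG_END] = b"\x12\x34\x56\x78"
    sector[PART_TABLE_START:PART_TABLE_START + 16] = first_partition
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed inputs: a clean sector, one with overwritten boot code, one only repartitioned.
CLEAN_PART = b"\x80\x01\x01\x00\x07\xfe\xff\xff\x3f\x00\x00\x00\x00\x00\x10\x00"
CLEAN_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", CLEAN_PART)
TAMPERED_MBR = make_sample_mbr(b"\xea\x00\x7c\x00\x00\x90\x90\x90", CLEAN_PART)
REPARTITIONED_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
                                    CLEAN_PART[:8] + b"\x3f\x00\x00\x00\x00\x00\x20\x00")
```

Only a boot-code change should be treated as an MBR infection indicator; a changed disk signature or partition table alone is usually administrative activity.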
SPAMfighter News - 21-01-2009