Alureon Rootkit Returns to Windows PCs

The Microsoft Malware Prevention Center (MMPC) states that in May 2010 the Malicious Software Removal Tool (MSRT) removed the latest variant of the Alureon rootkit, reportedly from almost 360,000 Windows systems since its launch on May 11, 2010.

This accounts for almost 18.2% of total detections by MSRT for May 2010, more than twice the 8.3% that Alureon accounted for in April 2010. During April 2010, MSRT cleaned the rootkit from almost 260,000 Windows computers.

Further details of the MMPC report indicate that Virus:Win32/Alureon.A infected 47,310 computers, Virus:Win32/Alureon.B infected 5,546 PCs, Virus:Win32/Alureon.F affected 20,717 machines, Virus:Win32/Alureon.G infected 50,581 computers, and Virus:Win32/Alureon.H infected 155,394 machines. In addition, Alureon trojans and droppers accounted for 81,521 of the total infections that MMPC compiled in its May report.

Joe Johnson from the MMPC said that the latest .H variant of this rootkit is the most important in terms of pervasiveness. The rootkit's design was changed in many ways to help it escape detection and removal, implying that Alureon is still being developed and circulated. One of the crucial changes noticed is that it now hits random system drivers instead of only the hooked miniport drivers. As a result, the infection can have negative effects on the system depending on which driver is selected, according to news published by softpedia.com on May 24, 2010.

For instance, MMPC reported seeing some systems with disabled keyboards because of the infection. On other systems, Windows XP suddenly asks for reactivation because the infection looks like a crucial hardware change.

Another notable finding in the MMPC report is that almost 65% (two-thirds) of the computers infected with Alureon in May 2010 were running Windows XP Service Pack 3 (SP3), with Windows XP SP2 in second place (14%). Microsoft says that just 3.5% of the systems infected with the rootkit were running Windows 7, according to news published by computerworld.com on May 24, 2010.

Bad news about Alureon has been circulating for quite some time now. In February 2010, Alureon was held responsible for damaging Windows XP PCs with the infamous Blue Screen of Death (BSOD).


» SPAMfighter News - 03-06-2010

 
