ESET Spots Fresh Rovnix Rootkit Strain
Researchers from ESET say they have discovered a fresh variant of the notorious rootkit Win32/Rovnix, which targets the Windows operating system. Security analysts from the company state that there will be a rise in native 64-bit malicious programs, particularly rootkits, during 2012. Efytimes.com published this on February 28, 2012.
Reportedly, when first detected during 2011, the Win32/Rovnix rootkit was the first bootkit to use VBR (Volume Boot Record) infection, the researchers said. ESET, which detected a fresh modification of the Rovnix installer at the beginning of February 2012, has dubbed the dropper Win32/Rovnix.B. This installer, like other rootkit installers, is distributed through affiliate schemes such as Pay-per-Install programs. Participants in such schemes earn $8-$160 for every 1,000 installations of the Rovnix malware. The pay-per-click reward is lowest in India.
Earlier, Win32/Rovnix was served chiefly via the netox.biz and malwox.com domains, along with affiliate schemes. Participants in such schemes usually select websites related to video and image storage, porn/adult material, and games for installing malicious software.
David Harley, Senior Research Fellow at ESET, states that the Rovnix creators appear to have wasted no time. One of the latest variant's chief features is its self-defense mechanisms, which would stop anti-virus programs from detecting the malware. The other is the malware's ability to maintain hidden storage for its configuration data and the incorporated payload. Rovnix uses its own mechanisms for maintaining data, which lets it get past forensic analysis, and adds more treacherous functions for eluding anti-virus detection, Harley explains. Efytimes.com published this.
Interestingly, bootkit builders of the Win32/Rovnix type, which create VBR bootkits, can be bought in the underground economy. Indeed, ESET researchers forecast a considerable rise during 2012 in fresh malware written to attack 64-bit OSs, unlike the most dangerous bootkits and rootkits to date, which have chiefly attacked 32-bit software.
In conclusion, bootkit and rootkit approaches let malicious software keep its configuration data and payload completely hidden in places that anti-malware software cannot reach; consequently, such malware serves as an extremely powerful tool for cyber-criminals.
» SPAMfighter News - 06-03-2012