Fresh Version of Rovnix Malware Identified at CSIS

CSIS, a security company based in Denmark, says its researchers have uncovered a fresh variant of the Rovnix malware that contains two extra features: an algorithm for generating fresh domains and a secure transmission panel for interacting with the servers that command and control the malware.

Reportedly, Rovnix is a malicious program that other malicious programs distribute. During 2013, Microsoft cautioned end users about a malware campaign that distributed Upatre, another piece of malware, via spam emails. Once loaded onto a target computer, Upatre may establish communication with its C&C server and then download Rovnix, which subsequently attempts to inject itself into explorer.exe, a Windows process.

Peter Kruse, security expert at CSIS, stated that the developers of Rovnix had added these features to help it evade detection by various security solutions. Threatpost.com reported this on October 9, 2014.

Kruse explained that the most recent Rovnix version uses a different protocol so that it can bypass traffic detection: it now generates an arbitrary filename of which only the first letter is significant, and the data it transmits carries a base64-encoded, randomly generated value. Securityweek.com published this on October 10, 2014.

Kruse further said that the Rovnix creators had removed the malware's bootkit component, so it now supports only a user-mode component.

CSIS has identified three malware campaigns distributing the new Rovnix version; these campaigns target users in Norway and Poland, in Europe.

Unlike earlier Rovnix operations, the authors of the newer campaigns encode the messages exchanged with the C2 infrastructure.
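The two protocol traits described above (a randomly generated filename in the request and a base64-encoded random value in the body) are the kind of signal a network defender can score on. The following is an added example, not code from the article or from CSIS: it runs a simple heuristic over constructed HTTP request samples, flagging a request only when the filename stem looks random and the body is valid base64 that decodes to high-entropy bytes. The sample requests, the entropy threshold, the filename heuristic and the payload (built from chained SHA-256 digests so the run is reproducible) are all assumptions of this example, not observed Rovnix traffic.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter
from typing import Optional

# Constructed high-entropy payload: chained SHA-256 digests, deterministic so the
# example reproduces; it stands in for a randomly generated value, not real C2 data.
RANDOM_PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

# Constructed sample requests (path, body); none of these are real Rovnix traffic.
SAMPLE_REQUESTS = [
    ("/images/logo.png", "user=alice&action=login"),                # ordinary form post
    ("/qzxkwpeyrj.php", base64.b64encode(RANDOM_PAYLOAD).decode()),  # random name + random base64 body
    ("/upload.php",
     base64.b64encode(b"hello world, this is plain text " * 4).decode()),  # base64, but low entropy
    ("/tmbvrqxwgk.aspx", "id=42"),                                   # random name, body is not base64
]

ENTROPY_THRESHOLD = 6.0   # bits per byte; text and structured data sit well below this (assumed cut-off)
MIN_STEM_LEN = 8          # shorter names are too easy to mistake for ordinary resources
CONSONANT_RUN = re.compile(r"[^aeiou]{4,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the byte-value distribution of `data`."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_random_filename(path: str) -> bool:
    """Heuristic: a long alphabetic stem with an unpronounceable consonant run or few vowels."""
    name = path.rsplit("/", 1)[-1]
    stem = re.sub(r"[^a-z]", "", name.split(".")[0].lower())
    if len(stem) < MIN_STEM_LEN:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in stem) / len(stem)
    return bool(CONSONANT_RUN.search(stem)) or vowel_ratio < 0.25


def decode_base64(body: str) -> Optional[bytes]:
    """Return the decoded bytes if `body` is strictly valid base64, else None."""
    if len(body) < 16:
        return None
    try:
        return base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None


def score_request(path: str, body: str) -> dict:
    """Score one request; 'suspicious' requires both the random name and a high-entropy base64 body."""
    decoded = decode_base64(body)
    entropy = shannon_entropy(decoded) if decoded is not None else 0.0
    random_name = looks_random_filename(path)
    return {
        "path": path,
        "random_name": random_name,
        "base64_body": decoded is not None,
        "entropy": round(entropy, 2),
        "suspicious": random_name and decoded is not None and entropy > ENTROPY_THRESHOLD,
    }


def flag_suspicious(requests) -> list:
    """Return the paths of the requests that trip both heuristics."""
    return [s["path"] for s in (score_request(p, b) for p, b in requests) if s["suspicious"]]


if __name__ == "__main__":
    for p, b in SAMPLE_REQUESTS:
        print(score_request(p, b))
```

Requiring both signals keeps the false-positive rate manageable: a random-looking filename alone matches many cache-busting URLs, and base64 alone matches plenty of legitimate uploads, but the combination with a near-8-bit-per-byte decoded body is uncommon in benign web traffic. The thresholds are starting points to tune against your own baseline.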

Kruse noted that the C2 infrastructure was possibly rewritten and renamed following publicity about a bug that affected the earlier variant. CSIS also obtained a Russian-language manual used to set up the C2 infrastructure, he added. Infosecurity-magazine.com reported this on October 10, 2014.

Meanwhile, in May 2014 Microsoft reported that a fresh Rovnix sample created a virtual file system (VFS) used to store all of the malware's components as well as the data it stole.

» SPAMfighter News - 10/20/2014
