New Malware Takes Form of Rootkits

Malware and spyware are using a recently emerged rootkit technology that can considerably damage computer systems. The malware if executed and installed on the system can change the Windows API library and modify functions used by Windows applications to conceal its presence on the desktop.

Says Justin Doo, regional director, Trend Micro Middle East and Africa, viruses earlier were designed to multiply rapidly and create havoc on entire networks, but current threats like spyware and botnets remain undetected on affected systems for as long as possible.

Rootkit technologies let spyware and bots to conceal their files and configurations on the computer. They are even capable of escaping detection by anti-virus software. The typical mediums through which rootkits and rootkit-enabled malware spread are e-mail, spam, instant messaging and manipulation of vulnerabilities.

Different techniques are now frequently combining to launch attacks on computers. The creators aim to infect computers without letting users suspect. Since the Internet is loaded with many malicious programs, it is crucial that users have their systems protected. A new group of anti-malware tools has come up to deal with it. It is not a gateway tool and not a desktop cleaner.

The tools modify executable files to allow, deny or restrict the running of any software. They do not try to recognize malware, but use whitelists, blacklists and policies to make Windows permit executables. This happens even if the system is logged in as an administrator.

The anti-malware tools obstruct running of unknown applications by taking the help of Windows 'privilege levels'. They allow execution of known applications with reduced privileges. In addition, they allow application to fully access files/ directories, including 'operating system directories'. The tools are capable of adjusting to the applications' privileges or if wanted, stop an application.

When anybody unknowingly clicks on a Web page link that downloads malware and if the above software is already installed on the PC it interrupts the malware from running.

Apart from this users should verify the source of any files downloaded onto the computers as well as carefully read the license agreements that come with the programs before installing them.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 9/20/2006