Trojan Exploits Multiple Loopholes, Uses Rootkit To Hide
MicroWorld Technologies has raised an alarm over the discovery of a Trojan that, until now, lay concealed within a rootkit to avoid detection. The Trojan is capable of damaging unguarded components of Microsoft Windows systems and networks. All of these activities are carried out under the cover of the rootkit software.
The Trojan bot, named 'Backdoor.Rbot.ayg', is distributed via AOL's instant messaging client. Once established in the Windows registry, it spreads to other computers on the network by exploiting the new MS06-040 vulnerability and older vulnerabilities such as MS03-049 in Windows. The bot can be compared to a recent bot, 'IRC Bot-ST', which exploited MS06-040 and launched a 'zero-day' attack on PCs. Its mode of operation involved abusing AOL's messenger alongside weaknesses that had already been attacked in older versions of Windows.
The Trojan, which can spread across networks, uses the rootkit component 'Win 32.Rootkit.1' to hide itself. Hackers reach it through IRC channels, where it accepts input and carries out commands. Its range of abilities is striking, spanning execution through to rebooting and exit. It can log on to different websites, log off user accounts, download malware, collect user data, and search files and the hard disk for specific details. It does not stop there: it also forwards all of these details to the hackers.
The threat posed by such malware samples shows hybridization of code and invasion through a multiple-layering method. As stated earlier, the Trojan cloaks itself in the rootkit part of the software. It is distributed through two channels: instant messenger and vulnerability exploitation. The Trojan uses the rootkit installed on the computer for future invasions.
Sunil Kripalani, an official from MicroWorld Technologies, commented on the issue. He said that if the concerned agencies earnestly commit to doing away with this new style of attack, corrective action is possible in operating systems and allied applications. The client, Kripalani feels, purchases an anti-virus product and expects the software to be usable and effective across all forms of technology. That is why protective software should be competent enough to lead with multiple technologies and stay well ahead of virus writers.
» SPAMfighter News - 22-09-2006