New Malware Replaces Other Rootkits with its Own
Security analysts at Trend Micro, the security and research firm, have revealed a new piece of malware that miscreants have authored to clean out rootkits from hijacked computers so they can install their own undetectable backdoor code.
The security company has identified the malware as the Pandex Trojan and said that it disables previously planted rootkits by eliminating their hooks, only to plant its own rootkit component.
As security researchers have defined, rootkits are malware that conceal themselves on infected computers, making them stealthier and more destructive than normal computer viruses. As rootkits operate at a level lower than the conventional tools for scanning malware, it is easier for them to run covert activities such as logging of keystrokes without getting caught.
According to PandaLabs' security researchers, crooks on the Internet employ rootkits to conceal the activities of malicious programs, making them undetectable by security solutions as well as the operating system. Therefore, rootkits work ideally as hackers' tools.
On several past occasions, malware authors and virus writers have competed for control of vulnerable computers. For instance, in 2005, various hacker groups released swarms of worms while battling to get hold of computers running Windows, which at that time were exposed to the Windows PnP (Plug-and-Play) vulnerability.
Malware writers and security researchers say that the Bozori virus was created in October 2005 to clean infections by the older Zotob variants and other malicious programs, so that it could establish its own hold on a compromised PC. A group of IRC (Internet Relay Chat) bots that also exploited the PnP vulnerability similarly tried to eliminate competing PnP bots.
In 2004, there was one more computer virus, Netsky, that was programmed to remove MyDoom and Bagle infections from hijacked PCs. Security researchers say that these viruses were released when rival VXers were engaged in an ongoing battle of words. More recently, in January 2007, a fight broke out between the Storm worm creators and their competitors.
The new "Pandex Trojan" is, however, the latest instance of this traditional pattern of malware checking for other malicious code and replacing it with its own.
» SPAMfighter News - 08-03-2008