Rootkit Trojan in Pro-Tibet Movie Circulating on the Net

Malware developers once again exploiting the ongoing Olympics mood by making a second attempt in a single week to install their malicious code onto users' computers in the third week of April 2008, as reported by The Register on April 15, 2008.

According to news, a video file showing a cartoon making fun of a Chinese gymnast's effort at the eventful games following with pictures supporting an independent Tibet circulating on the Internet with malware trapped in it.

Patrick Comiotto, Researcher at McAfee, warns that the movie first spreads the infection to the user with a malevolent driver. The movie file is loaded onto the %windir%/system32/ driver folder using the name 'dopydwi.sys,' as ereported by Vnunet on April 15, 2008.

While explaining the malware installation, security researchers, said that when the Flash-based film runs, a keylogger with rootkit functions gets installed on the compromised Windows PC. Because of this rootkit component, the malware becomes difficult to detect and clean.

Security researchers further say that the malevolent cartoon is delivered as an attachment to e-mail with the file name as, "RaceForTibet.exe." The data that the keylogger captures is then forwarded to a Chinese-based server.

According to news from Vnunet.com published on April 15, 2008, malware-laced fake press releases and petitions were distributed to groups supporting Tibet in early March 2008 following initial uproar in the region.

Meanwhile, the uncovering of the special keylogger comes one day after Internet security company, McAfee, warned that attackers were modifying pro-Tibet Websites to host malware. So, the recent Fribet Trojan was implanted on compromised Websites and then loaded onto people's computers through Winodws security hole.

The Fribet Trojan's functions are highly sophisticated that allows it to access databases that compromised computers access.

According to news from The Register, Patrick Comiotto, Researcher of Avert Labs has written about the rootkit in question on McAfee's Avert Labs blog providing additional screenshots and technical information.

Meanwhile, turning current events like the Virginia Tech shootings, execution of Saddam Hussein and assassination of Benazir Bhutto to malware distributors' own advantage through crafty social engineering has become common.

Related article: Rootkits Can Be Detected And Eradicated

» SPAMfighter News - 4/18/2008