Rootkit Creators Annihilating Their Mutual Codes

It is being observed that malware developers are attacking competitors for maintaining full control over compromised PCs. In a particularly fascinating instance, the person who created TDL 3 rootkit was struck with the idea of trading its source code to earn some extra bucks. Afterdawn reported this in news on August 10, 2011.

And because of the sale of the source code named 'ZeroAccess' there allegedly occurred additional Click Fraud components. Essentially, the fresh sample, ZeroAccess determines if TDL is present on a system and in case it's found the ZeroAccess rewrites random info on the rootkit's concealed disk following which the malware becomes inactive. ZeroAccess then acquires complete hold of a system, making the PC do specific tasks, with merely search-hijackers and ad-clickers becoming viable.

In the meantime, cyber-criminals are putting into play their resources feeling more convinced of gaining complete control over people's systems. And soon as the infection weakens a port, it becomes rather complicated for eliminating a rootkit because of the way it works.

Moreover, when rootkit creators compromise infected computers and utilize them for waging distributed denial of service assaults, junk e-mails get bombarded as well as other tasks get done, which depend on plentiful PC units, since the individuals behind the activities prefer hardware for carrying them out so nobody can effectively detect.

Explaining further, Jacques Erasmus from Webroot says that the first person who developed TDL 3 rootkit created twin editions of it, selling the initial one to the perpetrators of ZeroAccess, while keeping the latter for himself. The Register published this in news on August 10, 2011.

The fresh threat not only removes a rival working with a different rootkit on a contaminated computer, but it also erases a former worm thus providing itself with an already configured bot, which actually doesn't draw the attention of the owner of the compromised PC.

Unluckily, at least hitherto, none of the malware items progressed to the stage where it became easy for loading both on the same PC, have them mutually removed as also leave the system more pure compared to what it was earlier.

Related article: Rootkits Can Be Detected And Eradicated

» SPAMfighter News - 8/20/2011