Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

Malware alters Internet search results using a rootkit

Date: 22 September 2006
Issue: Two hundred and four (18/9/06 - 22/9/06)
(ICT World)
Category: Technical & Product News
PandaLabs has detected the appearance of Zcodec, a malicious program which uses a rootkit to hide its malicious actions. It also alters Internet search results and installs other malicious code on the system.

Zcodec is included in a program that supposedly installs the codecs needed to play a certain multimedia format. When users are about to install this application, a user licence window is displayed. However, no codec is installed, and the program does not wait for users to accept or reject the licence agreement, as when they click on the downloaded file, Zcodec is installed on the computer.
 
Once on the system, a rootkit (a program designed to hide processes, files or registry entries) is installed so that users cannot see which files are being run. In this way, Zcodec installs two executable files.

The first of these modifies the DNS settings on the compromised computer so that when a user clicks on results returned from search engines such as Google, a different page is displayed. This tactic is exploited by the creators of the program in order to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
 
The second executable file can have two different actions, which are executed at random. In some cases it installs the Ruins.MB Trojan, designed to download other malicious programs on the system. On other occasions, the file continually launches a casino application, asking for the users permission to install it. However, even if the user rejects installation of the program, an icon is created on the Windows desktop, which, when clicked, will prompt installation.

The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings. The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the Internet, it is vital to protect systems with a good anti-virus, which objectively scans each file on the computer, explains Jeremy Matthews, MD of Panda Software SA.
 
To protect against this type of malicious program, in addition to having an up-to-date anti-virus that combines reactive and proactive technologies to detect known and unknown threats, it is also essential to check the source of any files downloaded onto the system as well as to pay close attention to the licence agreements when installing programs.