Peaches
Posted December 1, 2010

New Rootkit Functions as Adware Distribution Platform

Security researchers from BitDefender have come across a new rootkit, which seems designed to drop a lot of adware programs on the infected systems.

Detected as Rootkit.Woor.A, the malware installs itself as a randomly named service and runs as a system driver. This allows it to perform actions with kernel privileges. The rootkit overwrites the legit explorer.exe with a malicious version, which is subsequently called during the normal system boot process.

When started, the rogue explorer.exe makes sure every component of this threat is running properly and that the unauthorized registry keys it needs are in place. It then proceeds to load the legit Windows Explorer from the system's dll cache, making it appear to the victim as if everything is functioning properly.

The rootkit also interferes with the operation of antivirus programs and other system monitoring applications by preventing their execution on the system.

More details here: http://news.softpedia.com/news/New-Rootkit-Functions-as-Adware-Distribution-Platform-169448.shtml