Microsoft Warns of Major Rootkit Rise

Things proceed nicely for a time, with no problems, and then the bottom drops out from under your system. You do all the right things, using caution whenever you do something potentially dangerous, and the news is that there may still be a threat lurking.

Microsoft is reporting that a number of rootkit infections are showing up on Windows XP, and the full details come from InfoWorld:

Microsoft’s latest Threat Report shows a disturbing increase in Alureon rootkit infections, particularly on Windows XP machines.

Microsoft just released its May Threat Report, and the results should give you pause. With nearly 2,000,000 infected systems cleaned, the nefarious Alureon rootkit came out on top.

Since it first appeared in 2006, Alureon (known in various incarnations as TDSS, Zlob, or DNSChanger) has morphed into a mean money-making marvel: a varied collection of Trojans most famous for their ability to invisibly take control of your PC’s interactions with the outside world. Alureon frequently runs as a rootkit, snatches information sent and received over the Internet, and may install a backdoor which allows Alureon’s masters to update your computer with the software of their choice.

You may have heard of Alureon in connection with Microsoft’s ill-fated MS10-015 Security Bulletin. The original version of the MS10-015 patch, when installed on some Alureon-infected Windows XP machines, resulted in a Blue Screen of Death. Microsoft pulled the patch, then altered it to avoid Alureon-infested PCs.

This month Microsoft added Alureon.H, the latest variant, to the scanning engine of the Malicious Software Removal Tool. (MSRT lies at the heart of Microsoft Security Essentials.) The new variant led to a hefty 37 percent increase over last month in the number of infected PCs caught and cleaned by MSRT. Right now, Alureon ranks as the No. 1 piece of MSRT-identified malware.

Most Alureon-infected systems run Windows XP. Microsoft pegs the number at 78 percent, with Vista accounting for 18 percent and Win7 around 4 percent of infected systems.

As with most malware, people inadvertently install Alureon when they think they’re installing something else. Microsoft’s April Threat Report explains that a typical Alureon installer asks to be elevated to Administrator status. If you’re using Vista or Windows 7 and you haven’t mucked with the User Account Control settings, Windows asks for permission to run the program as an administrator – that’s one more chance to catch yourself before aiming at your foot and pulling the trigger. If you’re running with an administrator account in Windows XP, you don’t get that one last chance.

If you use care, you should not have problems with this, as it hides in installations. I have, since before I can remember exactly when, always downloaded and then scanned executables, no matter where they originate. I never allow anything to install with an open internet connection – the program may open one during the install, but by that time I have already scanned the executable and am satisfied it is clean. If anything seems the least bit suspicious, I will do additional testing before the install. It may seem like a big pain, but it is small potatoes compared to cleaning or reinstalling a system where some customizations have been done.

Better safe than sorry, always… Also, downloading the MSRT each month is always a good idea, providing an additional checkpoint at least once a month.

§

Quote of the day:
The future will be better tomorrow.

- Dan Quayle

[Thank goodness we did not have Quayle and Bush 43 at the same time; the language might not have survived!]

≡≡≡≡≡≡≡≡≡≡ Ḟᴵᴺᴵ ≡≡≡≡≡≡≡≡≡≡