A network creeping Trojan itself is insidious in nature
and what if it uses a Rootkit to evade detection as well? Security Experts at
MicroWorld Technologies inform that a Trojan Bot is exploiting multiple Windows
vulnerabilities to spread in networks, whilst using a Rootkit component to hide
its files and processes.
'Backdoor.Rbot.ayg' spreads via AOL Instant Messenger
at its first level of proliferation. Once it is installed in the system registry,
the Bot can move to other computers in the network by exploiting the recently
found and patched Server Service Vulnerability-MS06-040 and earlier flaws like
MS03-049 in Microsoft Windows.
Last month, MicroWorld Technologies had reported
about 'IRCBot.st', which exploited MS06-040, to launch a zero-day attack on targeted
computers. It had an identical spreading routine using AOL Messenger and was also
capable of exploiting earlier flaws in Windows.
Backdoor.Rbot.ayg uses 'Win32.Rootkit.l' to hide its files and processes.
It communicates to the remote attacker via IRC channels and accepts and executes
commands. The Bot can shutdown and restart the computer, log on to websites and
download malicious code, log off current user, send files to the intruder, capture
network user information and search disks for files.
"What's worrying
with these sorts of malware samples is that they show increased hybridization
in code and Multiple Layering in mode of attack," observes Manoj Mansukhani,
Head-Technology and Marketing, MicroWorld Technologies.
"As you see,
this is a Backdoor Trojan with network creeping abilities, which uses a Rootkit
component to hide itself. For spreading, it employs dual channels of Instant Messenger
and Vulnerability Exploitation while the Rootkit deposited in the computer can
even be used by a future Trojan. All this points towards a lot of planning, improvisation
and innovation that goes into creating and proliferating malware today"
MicroWorld
Labs closely studies the evolution of various malware breeds, to develop and implement
dynamic technologies that combat today's emerging threats in a comprehensive manner.
Sunil
Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies,
observes "If you are serious about security, you just can't be complacent
in patching vulnerabilities in Operating Systems or other applications. However,
regardless of security flaws in OS or elsewhere, you must be able to rely on your
AntiVirus software to protect your system from all kinds of malware types. And
that will be possible only when the security software combines multiple technologies
that are proactive and reactive in nature and always keeps a few steps ahead of
Virus writers."
MicroWorld
MicroWorld (www.mwti.net
) is the developer of the world's first Real-Time Anti-Virus and Content Security
software eScan
for desktops and servers. Its communication security software,
MailScan is the first comprehensive e-mail scanner for your SMTP/POP3
Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology underlying these products,
powering them to several certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red
Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive security for your systems.
For network security of enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net
