Friday, September 08, 2006

A New Malicious Program Alters Internet Search Results And Uses A Rootkit To Hide Itself, Reports Panda Software (Just Load IT)

“PandaLabs has detected the appearance of Zcodec, a new malicious program which uses a rootkit to hide its malicious actions.

Once on the system, a rootkit (a program designed to hide processes, files or registry entries) is installed so that users cannot see which files are being run. In this way, Zcodec installs two executable files.

The first of these modifies the DNS settings on the compromised computer so that when a user clicks on results returned from search engines such as Google, a different page is displayed.

This tactic is exploited by the creators of the program in order to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.

The second executable file can have two different actions, which are executed at random. In some cases it installs the Ruins.MB Trojan, designed to download other malicious programs on the system.

And on other occasions, the file continually launches a casino application, asking for the user’s permission to install it. However, even if the user rejects installation of the program, an icon is created on the Windows desktop which, when clicked, will prompt installation.”
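One way to check for the DNS tampering the quoted report describes is to compare each adapter's configured DNS servers against the resolvers the network is supposed to hand out. The sketch below is an added example, not code from PandaLabs or the original post: it parses `ipconfig /all` text, and the sample output, the `APPROVED` list and all function names are constructed assumptions, since the report does not say which servers Zcodec sets.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.0.2.54

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.0.2.53
   Lease Obtained. . . . . . . . . . : Friday, September 08, 2006
"""

# Assumption: the resolvers this network expects its clients to use.
APPROVED = {"192.0.2.53", "192.0.2.54"}

def _as_ip(token):  # normalised address string, or None if not an address
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None

def parse_dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        value = line.strip()
        if value.endswith(":") and not line[0].isspace():
            current, in_dns = value[:-1], False      # adapter header
            adapters[current] = []
        elif current and re.match(r"\s+DNS Servers[ .]*:", line):
            in_dns = True
            ip = _as_ip(line.split(":", 1)[1].strip())
            if ip:
                adapters[current].append(ip)
        elif current and in_dns and _as_ip(value):
            adapters[current].append(_as_ip(value))  # continuation line
        else:
            in_dns = False                           # any other field ends the list
    return adapters

def unexpected_resolvers(text, approved=APPROVED):
    """Return {adapter: [servers outside the approved set]}."""
    return {a: bad for a, srv in parse_dns_servers(text).items()
            if (bad := [s for s in srv if s not in approved])}
```

Because the report says a rootkit is installed to hide the program's activity, output collected on the suspect machine may not be complete; DNS queries observed at the network edge give an independent view of which resolvers a host is really using.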