ESET reveals its research
Researchers from global security company ESET have recently found a new modification of the infamous Win32/Rovnix Trojan, a rootkit targeting the Windows OS. Analysts expect an increase in native 64-bit malware, especially rootkits, in 2012.
Like other rootkit droppers, Win32/Rovnix.B is distributed through an affiliate program (Pay Per Install). Affiliates receive between $8 and $160 for every 1,000 installations of such rootkits; the price in India is the lowest in the market. Previously, Win32/Rovnix was mainly distributed from two domains, malwox.com and netox.biz, through affiliate programs. Affiliates tend to plant the malware on websites offering photo and video storage, games, and adult content.
"It seems that the developers of the malware haven't wasted their time. The key features introduced in the new version are self-defense mechanisms intended to prevent the malware from being detected by antivirus software and the implementation of hidden storage to store configuration data for the payload. Rovnix relies on its own mechanisms to store data, which allows them to counteract forensic analysis and adds additional stealth functionality to counter antivirus software," said David Harley, Senior Research Fellow, ESET.
"The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular," says David Harley.