contents

software
 
New Fraudulent Adware Uses Rootkit Techniques, Reports PandaLabs

PandaLabs has detected the appearance of VideoCach, a new adware specimen. This malicious code is designed to fraudulently promote certain security applications. This adware includes the novelty of using rootkit techniques. Rootkits are programs designed to hide files or processes running on a computer. This makes malicious code that use rootkit techniques more difficult to detect.

VideoCach creates shortcuts on the desktop and displays false infection alerts. It also opens Internet Explorer windows falsely telling users that there is malware installed on the computer.

This adware includes links to web pages from which dubious security applications can be downloaded or bought. When run, these tools scan computers although the results are at best dubious. They normally detect inoffensive cookies as malware, or report unimportant errors, such as Windows registry entries referring to a nonexistent file. In any event, the application displays messages warning users of a security risk and demanding money in order to eliminate the threats detected.

According to Luis Corrons, technical director of PandaLabs: "Without commenting on the effectiveness of these security applications, the real problem is the way they are promoted, using malicious code such as VideoCach and scaring users with reports of non-existent infections. Under no circumstances should users download applications through pop-up ads, or shortcuts that suddenly appear on the desktop".

The creators of this adware are frequently changing the web pages that the ads and shortcuts displayed by VideoCach point to. "In general, the creators of these threats normally get a percentage of each sale. That's why they normally promote several applications at the same time", explains Luis Corrons.



write your comments about the article :: © 2007 Computing News :: home page