Slashdot Mirror


New Alureon Rootkit Takes Malware To New Level

Trailrunner7 writes "A new version of the venerable Alureon malware has appeared, and this one includes some odd behavior designed to prevent analysis and detection by antimalware systems. However, this isn't the typical evasion algorithm, as it uses some unusual encryption and decryption routines to make life much more difficult for analysts and users whose machines have been infected. Alureon is a well-known and oft-researched malware family that has some rootkit-like capabilities in some of its variations. The newest version of the malware exhibits some behavior that researchers haven't seen before and which make it more problematic for antimalware software to detect it and for experts to break down its components."

5 of 135 comments

  1. A silly question by countertrolling · Score: 3, Insightful

    Why can't the system be installed on ROM? At the very least, it will boot clean every time...

    --
    For justice, we must go to Don Corleone
    1. Re:A silly question by datapharmer · Score: 3, Insightful

      EEPROM can be... this is essentially what coreboot is.

      --
      Get a web developer
    2. Re:A silly question by countertrolling · Score: 4, Insightful

      On the other hand that could be achieved with any USB stick with a write protect switch.

      That would be the proper procedure that I would find perfectly acceptable, but all the present day USB sticks with write protect do it with software. It's not like the floppies that made it physically impossible to write by literally turning off the ability to write. It's one of the giant steps backwards that the industry has made.. intentionally? I don't know, but my suspicions run high.

      --
      For justice, we must go to Don Corleone
    3. Re:A silly question by drsmithy · Score: 5, Insightful

      EEPROM can be... this is essentially what coreboot is.

      If the end user can do it, the end user can be convinced to do it by malware.

  2. Worthless Summary by OverlordQ · Score: 5, Insightful

    A new version of the venerable Alureon malware has appeared, and this one includes some odd behavior designed to prevent analysis and detection by antimalware systems. However, this isn't the typical evasion algorithm, as it uses some unusual encryption and decryption routines to make life much more difficult for analysts and users whose machines have been infected. Alureon is a well-known and oft-researched malware family that has some rootkit-like capabilities in some of its variations. The newest version of the malware exhibits some behavior that researchers haven't seen before and which make it more problematic for antimalware software to detect it and for experts to break down its components.

    A new version of well-known Alureon is out which has odd things to make it hard to analyze. It's odd, and is not normal and makes it hard to analyze. It's well known and is a rootkit. The new version is odd and makes it hard to analyze.

    We got that after the first sentence, how about actually providing some fscking detail.

    --
    Your hair look like poop, Bob! - Wanker.