|
Alureon (also known as TDSS) is a trojan and bootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update MS10-015 triggered these crashes by breaking assumptions made by the malware author(s).〔(MS10-015 Restart Issues Are the Result of a Rootkit Infection (threatpost) )〕〔(【引用サイトリンク】title=More information about Alureon )〕 According to the research conducted by Microsoft, Alureon was the second most active botnet in the second quarter of 2010. ==Description== The Allure boot was first identified around 2007. Personal Computers are usually infected when users manually download and install Trojan software, and Alureon is known to have been bundled with the rogue security software Security Essentials 2010. When the dropper is executed, it first hijacks the print spooler service (spoolsv.exe) to update the master boot record and execute a modified bootstrap routine; it then infects low-level system drivers such as those responsible for PATA operations (atapi.sys) to implement its rootkit. Once installed, Alureon manipulates the Windows Registry to block access to Windows Task Manager, Windows Update, and the desktop. It also attempts to disable anti-virus software. Alureon has also been known to redirect search engines to commit click fraud. Google has taken steps to mitigate this for their users by scanning for malicious activity warning users in the case of a positive detection. The malware drew considerable public attention when a software bug in its code caused some 32-bit Windows systems to crash upon installation of security update MS10-015. The malware was using a hard-coded memory address in the kernel that changed after the installation of the hotfix. Microsoft subsequently modified the hotfix to prevent installation if an Alureon infection is present,〔(【引用サイトリンク】title=Update - Restart Issues After Installing MS10-015 and the Alureon Rootkit )〕 while the malware author(s) also fixed the bug in the code. In November 2010, the press reported that the rootkit had evolved to the point where it was able to bypass the mandatory kernel-mode driver signing requirement of 64-bit editions of Windows 7 by subverting the master boot record, something that also made it particularly resistant on all systems to detection and removal by anti-virus software. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Alureon (also known as TDSS) is a trojan and bootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update MS10-015 triggered these crashes by breaking assumptions made by the malware author(s).(MS10-015 Restart Issues Are the Result of a Rootkit Infection (threatpost) )(【引用サイトリンク】title=More information about Alureon )According to the research conducted by Microsoft, Alureon was the second most active botnet in the second quarter of 2010.==Description==The Allure boot was first identified around 2007. Personal Computers are usually infected when users manually download and install Trojan software, and Alureon is known to have been bundled with the rogue security software Security Essentials 2010. When the dropper is executed, it first hijacks the print spooler service (spoolsv.exe) to update the master boot record and execute a modified bootstrap routine; it then infects low-level system drivers such as those responsible for PATA operations (atapi.sys) to implement its rootkit.Once installed, Alureon manipulates the Windows Registry to block access to Windows Task Manager, Windows Update, and the desktop. It also attempts to disable anti-virus software. Alureon has also been known to redirect search engines to commit click fraud. Google has taken steps to mitigate this for their users by scanning for malicious activity warning users in the case of a positive detection.The malware drew considerable public attention when a software bug in its code caused some 32-bit Windows systems to crash upon installation of security update MS10-015. The malware was using a hard-coded memory address in the kernel that changed after the installation of the hotfix. Microsoft subsequently modified the hotfix to prevent installation if an Alureon infection is present,(【引用サイトリンク】title=Update - Restart Issues After Installing MS10-015 and the Alureon Rootkit ) while the malware author(s) also fixed the bug in the code.In November 2010, the press reported that the rootkit had evolved to the point where it was able to bypass the mandatory kernel-mode driver signing requirement of 64-bit editions of Windows 7 by subverting the master boot record, something that also made it particularly resistant on all systems to detection and removal by anti-virus software.」の詳細全文を読む スポンサード リンク
|