Malware alters Internet search results using a rootkit

PandaLabs has detected the appearance of Zcodec, a malicious program which uses a rootkit to hide its malicious actions. It also alters Internet search results and installs other malicious code on the system.

Zcodec is included in a program that supposedly installs the codecs needed to play a certain multimedia format. When users are about to install this application, a user licence window is displayed. However, no codec is installed, and the program does not wait for users to accept or reject the licence agreement, as when they click on the downloaded file, Zcodec is installed on the computer.
Once on the system, a rootkit (a program designed to hide processes, files or registry entries) is installed so that users cannot see which files are being run. In this way, Zcodec installs two executable files.

The first of these modifies the DNS settings on the compromised computer so that when a user clicks on results returned from search engines such as Google, a different page is displayed. This tactic is exploited by the creators of the program in order to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
The second executable file can have two different actions, which are executed at random. In some cases it installs the Ruins.MB Trojan, designed to download other malicious programs on the system. On other occasions, the file continually launches a casino application, asking for the user’s permission to install it. However, even if the user rejects installation of the program, an icon is created on the Windows desktop, which, when clicked, will prompt installation.

“The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings. The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the Internet, it is vital to protect systems with a good anti-virus, which objectively scans each file on the computer,” explains Jeremy Matthews, MD of Panda Software SA.
To protect against this type of malicious program, in addition to having an up-to-date anti-virus that combines reactive and proactive technologies to detect known and unknown threats, it is also essential to check the source of any files downloaded onto the system as well as to pay close attention to the licence agreements when installing programs.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: