The malware was using a hard-coded memory address in the kernel that changed after the installation of the hotfix. The malware drew considerable public attention when a software bug in its code caused some 32-bit Windows systems to crash upon installation of security update MS10-015. Google has taken steps to mitigate this for their users by scanning for malicious activity and warning users in the case of a positive detection. Alureon has also been known to redirect search engines to commit click fraud. It also attempts to disable anti-virus software. Once installed, Alureon manipulates the Windows Registry to block access to Windows Task Manager, Windows Update, and the desktop. Then it infects low-level system drivers such as those responsible for PATA operations (atapi.sys) to install its rootkit. When the dropper is executed, it first hijacks the print spooler service (spoolsv.exe) to update the master boot record and execute a modified bootstrap routine.
Alureon is known to have been bundled with the rogue security software, "Security Essentials 2010". Personal computers are usually infected when users manually download and install Trojan software. The Alureon bootkit was first identified around 2007. Īccording to research conducted by Microsoft, Alureon was the second most active botnet in the second quarter of 2010. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).
Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. Alureon (also known as TDSS or TDL-4) is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data.
0 kommentar(er)
