Kaspersky Lab Neutralizes New Variant of the Sinowal Rootkit
What is the Neosploit exploit toolkit: The Neosploit toolkit is an advanced exploit toolkit that has automated tools for taking advantage of vulnerabilities in other applications.
Kaspersky Lab analysts have been monitoring the Sinowal bootkit since early 2008; however the new variant came unexpectedly. Unlike earlier versions, the new modification, Backdoor.Win32.Sinowal has these features:
- It penetrates much deeper into the system to avoid being detected
- A stealth method that hooks into device objects at the operating system's lowest level
- Sinowal conceals the payload's activities, which are designed to steal user data and various account details
- It can penetrate a system through a vulnerability in Adobe Acrobat and Reader, which allows a maliciously rigged PDF file to plant malware on a system without the user's knowledge.
This is the first time cybercriminals have used such sophisticated technologies. It also explains why no antivirus products could treat computers infected or even detect the new Sinowal modification when it first appeared. Implementing detection and treatment for Sinowal has been one of the toughest jobs facing antivirus researchers.
Detection and Treatment
To find out whether or not Sinowal has infected a computer, users must update their antivirus databases and perform a complete system scan. If Sinowal is detected, the computer will need to be rebooted during the treatment process. Kaspersky Lab specialists also recommend that users install all the necessary patches in Adobe Acrobat and Reader and any browsers that they use to secure any potential vulnerabilities.
Adobe Acrobat and Reader Patch: http://www.adobe.com/support/security/bulletins/apsb09-04.html
About Kaspersky Lab
Kaspersky Lab seeks to deliver the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and very fast outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is used worldwide inside the products and services of the industry's leading IT security solution providers. Learn more at http://www.kaspersky.com/. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit http://www.viruslist.com/.
Kaspersky Contacts:
Christen Rice
Kaspersky Lab
P: + 1 781 503 2625
E: christen.rice@kaspersky.com
###