Using the System Against Itself
Amongst the other news Symantec is reporting at the moment (the company is on a big PR push to improve the market's attitude towards its acquisition of Veritas) is a report that it has detected malware using the software update service built into Windows to download and install essential components of the malware. That Symantec is hyping new anti-rootkit software at the same time is more than coincidence.
Because the malware authors are using a key component of Windows to do the heavy lifting, they can sneak the critical parts of their malware past any defences that might be in place (users can't have their firewall blocking the system from downloading its essential Windows updates). While the abuse of this system module is a concern for those developing defences against malware that might use it, it is also a useful illustration of how difficult it is to establish proper trust credentials, even for software that is embedded within the system and meant only to download system updates.
That concept might be at the core of how the problem could be resolved by a future patch: by limiting the component to downloading only from trusted Microsoft locations (as some other Windows components already do), it would be possible to recover its original intended functionality without handing malware authors such an easy way of moving their software onto a victim's system.
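The allowlist the post proposes is easy to get wrong if it is implemented as a substring match on "microsoft.com". The following is an added example, not code from the post or from Microsoft, showing how a defender could audit records of background download jobs against such an allowlist; the job records, the trusted-host list and the job-record format are all constructed for the example.

```python
# Added example: check background download jobs against an allowlist of
# trusted update origins, the mitigation the post suggests. Everything here
# (allowlist, job records) is constructed; it is not a real Windows API.
from urllib.parse import urlsplit

# Constructed allowlist of update origins; a real deployment would take
# this from policy rather than hard-coding it.
TRUSTED_SUFFIXES = ("windowsupdate.com", "update.microsoft.com",
                    "download.microsoft.com")


def is_trusted_origin(url: str) -> bool:
    """Return True only if the URL's host is an allowlisted origin over HTTPS.

    Substring matching on 'microsoft.com' is not enough: the host is compared
    label by label so 'update.microsoft.com.example.net' fails, userinfo is
    rejected so 'https://download.microsoft.com@198.51.100.7/' is not taken
    for Microsoft, and the scheme must be https so the transfer cannot be
    redirected in transit.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def flag_untrusted_jobs(jobs):
    """Return every (owner, job name, url) record whose origin is not trusted."""
    return [job for job in jobs if not is_trusted_origin(job[2])]


# Constructed sample job records: (owner, job name, remote URL).
SAMPLE_JOBS = [
    ("SYSTEM", "WU Client Download",
     "https://download.windowsupdate.com/msdownload/update.cab"),
    ("alice", "Update", "http://download.windowsupdate.com/file.bin"),          # plaintext
    ("alice", "Update", "https://download.microsoft.com@198.51.100.7/file.bin"),  # userinfo
    ("alice", "Update", "https://update.microsoft.com.example.net/file.bin"),     # look-alike
]

if __name__ == "__main__":
    for owner, name, url in flag_untrusted_jobs(SAMPLE_JOBS):
        print(f"untrusted download job: owner={owner} name={name!r} url={url}")
```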
11 May 2007