In keeping with this Halloween season, I'm starting a series on scary malware tricks, similar to last year's series on spyware tricks. Perhaps my personal focus has changed, but it seems to me spyware tricks are becoming far more devious and destructive. Last year I was testing mostly adware, whereas this year I'm testing more trojans, backdoors, rootkits, etc. Also scary -- botnets are reportedly growing in frightening numbers.
Just this week we learned that Apple shipped some iPods with a trojan (not to mention that Apple tried to push the blame on Microsoft). In its announcement, Apple used the word virus, but the thing behaves more like a worm with a backdoor trojan component.
The malware file carried on the infected iPods, and the process it runs as once it reaches a Windows PC, is RavMone.exe. Symantec has a good description here, under the name W32.Rajump. When I first read the description it was called Backdoor.Rajump, but either way the malicious payload is the same. On initial infection, the malware creates RavMone.exe in the Windows directory and adds itself to a Run key in the registry so that it starts with every Windows boot. Symantec says it opens a TCP port and immediately tries to phone home to the following URLs:
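The persistence trick above (a Run-key value pointing at RavMone.exe in the Windows directory) is also the first thing a responder checks for. The script below is an added example written for this article; it is not Symantec's code and not anything taken from the malware. It parses a .reg export of the Run and RunOnce keys and flags any value that launches RavMone.exe, and, as a weaker heuristic, any value that launches a program sitting directly in the Windows directory rather than in a subfolder such as system32. The sample export, the value name "RavAV", the other entries and the assumed Windows directory C:\WINDOWS are all constructed for the example.

```python
"""Offline triage of Windows Run keys for the RavMone.exe persistence entry.
Added example for this article; not Symantec's code or the malware's. Input is a
.reg export ("reg export <key> file.reg"). Sample data below is constructed."""
import ntpath
import re

# Registry keys whose string values are launched at logon (case-insensitive match).
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# File-name indicator from the article / Symantec's W32.Rajump write-up.
IOC_BASENAMES = {"ravmone.exe"}

_SECTION = re.compile(r"^\[(.+)\]$")
# "Name"="string value"  or  @="string value"; hex:/dword: values do not match.
_STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")$')

# Constructed sample: one HKLM hive, one HKCU hive, one unrelated key.
# The value name "RavAV" and the benign entries are made up for the example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"Updater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"RavAV"="C:\\WINDOWS\\RavMonE.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def _unquote(token):
    """Strip the surrounding quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", r"\1", token[1:-1])


def parse_run_entries(reg_text):
    """Return (key, value_name, command) for each string value under a Run/RunOnce key."""
    entries = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            key = section.group(1)
            current_key = key if key.lower().endswith(RUN_KEY_SUFFIXES) else None
            continue
        if current_key is None:
            continue
        value = _STRING_VALUE.match(line)
        if not value:
            continue  # binary/dword values and hex continuation lines are not commands
        name = "(Default)" if value.group(1) == "@" else _unquote(value.group(1))
        entries.append((current_key, name, _unquote(value.group(2))))
    return entries


def program_path(command):
    """Return the program a Run command launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def in_windows_root(program, windir):
    """Heuristic: the program lives directly in the Windows directory (where
    Rajump drops RavMone.exe), not in a subdirectory such as system32."""
    expanded = re.sub(r"^%(systemroot|windir)%", lambda _m: windir, program,
                      flags=re.IGNORECASE)
    head, _tail = ntpath.split(expanded)
    return head.rstrip("\\").lower() == windir.rstrip("\\").lower()


def triage(reg_text, windir=r"C:\WINDOWS"):
    """Flag Run entries that match the indicator or the Windows-root heuristic."""
    findings = []
    for key, name, command in parse_run_entries(reg_text):
        program = program_path(command)
        reasons = []
        if ntpath.basename(program).lower() in IOC_BASENAMES:
            reasons.append("launches RavMone.exe (W32.Rajump indicator)")
        if in_windows_root(program, windir):
            reasons.append("program sits directly in the Windows directory (heuristic)")
        if reasons:
            findings.append({"key": key, "value": name, "command": command,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_REG_EXPORT):
        print(f"{hit['key']}\\{hit['value']} -> {hit['command']}")
        for reason in hit["reasons"]:
            print(f"    {reason}")
```

On a live machine, export the keys with reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" hklm-run.reg (and the HKCU equivalent) and pass the file contents to triage(). The heuristic is deliberately reported separately from the file-name match: a few legitimate programs do install into the Windows directory root, so that finding needs a human look. A clean Run key also does not clear the machine; the open TCP port and the outbound connections Symantec describes have to be checked on their own, for example with netstat -ano and the firewall or proxy logs.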
Another example of very scary technology is the Gromozon rootkit, aka Trojan.LinkOptimizer. I'll write about Gromozon in the next article in the series.