New malware variants have taken researchers by surprise by adopting new "stealth" methods to penetrate systems deeper so as to avoid detection, according to Kaspersky Lab.
The antivirus company said in a video conference Wednesday that a new variant of the Sinowal botnet, also known as Torpig, marks the first time cybercriminals have used such sophisticated methods.
Kaspersky said Sinowal writes itself to the user's hard drive master boot record (MBR), the operating system's lowest level, and has been successful in avoiding detection by antivirus products.
It said the worm has over the last month been actively spreading through a number of methods, including Web sites exploiting the Neosploit rootkit and a vulnerability in the PDF software Adobe Acrobat Reader.
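For defenders, an MBR infection of the kind described above shows up as a change in the boot sector's code area when it is compared with a known-good record. The following Python is an added example, not code from Kaspersky or the original article; the function names and the two sample sectors are constructed for illustration, and it assumes the 512-byte sector was read from an offline disk image, since a rootkit running on the live system can falsify what a read returns.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 440-445 hold the disk signature, so they are not hashed
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings where the sector deviates from a known-good record."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS-type partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48
    return body + BOOT_SIGNATURE


CLEAN = build_sample_mbr(b"\xfa\x33\xc0" * 100)           # constructed stand-in for vendor boot code
TAMPERED = build_sample_mbr(b"\xeb\x5e" + b"\x90" * 300)  # constructed altered boot code
BASELINE = parse_mbr(CLEAN)                               # recorded while the disk is known good
```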
Konstantin Sapronov, head, virus lab, China, Kaspersky, said new methods of infiltration have also rendered it nearly impossible for users to avoid infection, even if they are careful. Seemingly clean sites can also perform backend redirection to malware-ridden sites.
Sapronov said Web malware authors favored redirection exploits on Web apps and search fields, such as iFrame attacks, during 2008, compared with 2007, which saw more Trojan horses and droppers being used.
The Web has also overtaken e-mail as the top transport medium for viruses, with the number of infected sites growing 300 percent in 2008, he said.