placeholder
Stuart Gentle Publisher at Onrec

New fraudulent adware uses rootkit techniques reports PandaLabs

VideoCach creates desktop shortcuts and displays spoof infection alerts to trick users into downloading dubious security applications

VideoCach creates desktop shortcuts and displays spoof infection alerts to trick users into downloading dubious security applications

PandaLabs has detected the appearance of VideoCach, a new adware specimen. This malicious code is designed to fraudulently promote certain security applications. This adware includes the novelty of using rootkit techniques. Rootkits are programs designed to hide files or processes running on a computer. This makes malicious code that use rootkit techniques more difficult to detect.

VideoCach creates shortcuts on the desktop and displays false infection alerts. It also opens Internet Explorer windows falsely telling users that there is malware installed on the computer.

This adware includes links to web pages from which dubious security applications can be downloaded or bought. When run, these tools scan computers although the results are at best dubious. They normally detect inoffensive cookies as malware, or report unimportant errors, such as Windows registry entries referring to a nonexistent file.

In any event, the application displays messages warning users of a security risk and demanding money in order to eliminate the threats detected.

According to Luis Corrons, technical director of PandaLabs: ìwithout commenting on the effectiveness of these security applications, the real problem is the way they are promoted, using malicious code such as VideoCach and scaring users with reports of non-existent infections. Under no circumstances should users download applications through pop-up ads, or shortcuts that suddenly appear on the desktopî.

The creators of this adware are frequently changing the web pages that the ads and shortcuts displayed by VideoCach point to. ìIn general, the creators of these threats normally get a percentage of each sale. Thatís why they normally promote several applications at the same timeî, explains Luis Corrons.

All users that want to know whether their computers have been attacked by these or other malicious code can use Panda ActiveScan, the free solution available at: http://www.pandasoftware.com/activescan.

They can also use the NanoScan beta (www.nanoscan.com), an online scanner that detects active malware on computers in less than 1 minute

Related News