A crude yet effective
method is to modify a system's hosts file to add entries for hosts known to be associated
with antivirus updates.
NOTE A hosts file is a simple text file that contains mappings of IP addresses to
hostnames. The hosts file is typically consulted prior to performing a DNS
lookup to resolve a hostname to an IP address. If a hostname is found in the
hosts file, the associated IP is used, saving the time required to perform a DNS
lookup. On Windows systems, the hosts file can be found in the system directory under
system32\drivers\etc. On Unix systems, the hosts file can be found at /etc/hosts.
The modifications go so far as to insert a large number of carriage returns at the end of
the existing host entries before appending the malicious host entries in the hopes that
the casual observer will fail to scroll down and notice the appended entries. By causing
antivirus updates to fail, new generations of malware can go undetected for long periods.
Typical users may not notice that their antivirus software has failed to automatically
update, as warnings to that effect are either not generated at all or are simply dismissed
by unwitting users.
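A check for the tampering described above, as an added example that is not from the original text: it flags hosts entries that follow a long run of empty lines and entries that name a watched update host. The watchlist suffix av-vendor.example, the 20-line threshold, and the sample data are assumptions constructed for illustration.

```python
import sys

# Hypothetical watchlist: replace with the update hosts your antivirus uses.
WATCHED_SUFFIXES = ("av-vendor.example",)
GAP_THRESHOLD = 20  # assumed number of empty lines treated as padding


def audit_hosts(text, watched=WATCHED_SUFFIXES, gap=GAP_THRESHOLD):
    """Return [(line_no, hostname, address, reasons)] for suspicious entries."""
    findings = []
    blank_run = 0        # empty lines seen since the last entry
    seen_entry = False   # padding only matters after existing entries
    padded = False       # True once an entry follows a padding-sized gap
    # splitlines() splits on \r, \n and \r\n, so bare carriage returns count.
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # comment-only or malformed line
        if seen_entry and blank_run >= gap:
            padded = True
        blank_run, seen_entry = 0, True
        address, names = fields[0], fields[1:]
        for name in (n.lower() for n in names):
            reasons = ["after-padding"] if padded else []
            if any(name == s or name.endswith("." + s) for s in watched):
                reasons.append("watched-host")
            if reasons:
                findings.append((line_no, name, address, reasons))
    return findings


# Constructed sample: one normal entry, 40 empty lines, then appended entries.
SAMPLE = ("127.0.0.1 localhost\r\n" + "\r\n" * 40 +
          "127.0.0.1 update.av-vendor.example\r\n"
          "127.0.0.1 download.other.example\r\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit the hosts file given on the command line
        with open(sys.argv[1], newline="", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for finding in audit_hosts(data):
        print(finding)
```

Run it with the path to the hosts file as its only argument; with no argument it audits the constructed sample.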
Use of Rootkit Technology
Malware authors are increasingly turning to the use of rootkit techniques to hide the presence
of their malware.