Scranos Rootkit Expands Operations From China To the Rest of the World

A malware operation previously limited to China's borders has expanded over the past few months to infect users from all over the world, antivirus firm Bitdefender said in a report published today. From a report: Users who have the bad habit of downloading and installing cracked software applications are at the highest risk. According to Bitdefender experts, these apps are laced with a relatively new malware strain named Scranos. The most important piece of this malware is a rootkit driver that's hidden inside the tainted apps and which allows the malware to gain boot persistence and take full control over users' systems in the early stages of an infection. Although Bitdefender describes Scranos as "a work in progress, with many components in the early stage of development," the malware is still very dangerous as it is. That's because Scranos is a modular threat that once it infects a host computer, it can ping its command and control (C&C) server for additional instructions, and then download small modules to execute a fine set of operations.

Re:

[Penguinisto]

THe trouble is right now we can't marshall the resources to track these folks down because they are always extranational criminals.

In this case, I would not be too surprised if the ultimate originator (or patron, if you will) of this particular rootkit is a fully-paid up member of the Business Software Alliance.

Yeah, tinfoil-y, I know, but the fear of being infected certainly does benefit them the most...

Re:

[Zaiff Urgulbunger]

Wouldn't it be nice if the world could sign mutual extradition treaties for certain types of crimes that ruin the internet.

Unnecessary. Just make blindly downloading and opening executables, illeg^H^H^H^H^H executable!! :D

I mean, I think we all know what the real problem is don't we?!

User stupidity ...

[Anonymous Coward]

Users who have the bad habit of downloading and installing cracked software applications are at the highest risk.

Well, once you're doing that you've pretty much left behind any hope you will have security.

If you're installing software from a source you don't know you can trust, this is what happens.

This reminds me of a receptionist we had back in the mid-90's. That lady would download every stupid thing she found ... dinosaur cursors, cat screen savers, puppy themed start menus ... you name it. Invariably every 2-3 months her machine would have to be completely re-imaged because she had it so infested with shit.

We told her repeatedly "stop installing this shit, it's a security risk" ... and she always pretty much on day one started downloading the same shit. She didn't seem to grasp that she herself was why her machine was always fucked up.

Me, at this point, I assume pretty much all apps are shit, full of malware, and adding little or no value (or even posing a risk). They're nothing more than a conduit for ads and having your data stolen.

The entire app economy is based on garbage in my opinion, and if people can't grasp their own stupidity, they deserve the malware.

Re:

[CaptainDork]

Just a thought. Your post is the best, so far. (Admittedly, it's early) and I agree. I have mod points but I I don't have my permission to spend /. mod on AC.

If that doesn't matter to you, well that's OK. Should it, login.

Still, as a a retired IT guy, I have lived the frustration that you have lived.

Thanks.

Re:

[Penguinisto]

Gotta agree with sibling. If I had mod points, I'd damned sure spend them here.

Well, once you're doing that you've pretty much left behind any hope you will have security.

If you're installing software from a source you don't know you can trust, this is what happens.

Quoting the best line for propagation.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Dunbal]

Better still block it at the download level and don't download it. Back before broadband was common and digital downloads didn't exist, an argument could be made for trying to get something you couldn't find elsewhere. Now we're surrounded by cheap digital sources, you can buy and download any software you want, you have a wide variety of services that stream all sorts of movies and shows. There's not much drive for piracy except for the need to "get stuff for free". Well caveat emptor.

Target?

[bill_mcgonigle]

Why doesn't TFS say if this affects iOS, lightbulbs, Windows, or Fedora?

Just SCADA systems, then? FFS.

Re:

[CODiNE]

When they don't tell you what it affects, it's always Windows.

Otherwise they clearly point it out by stressing how other OS' are JUST AS vulnerable.

And yes just as vulnerable to Trojan horse software.

... but does it run on Linux?

[mspohr]

If it only runs on Windows, it is of no consequence since it only affects those too stupid to protect themselves.