There’s a not-so-new Trojan malware that infects Windows computers running the Vista and 7 operating systems, even including the deceased XP. Trojan.Viknok, which emerged last year, is now shifting its aim to the privilege escalation vulnerabilities by obtaining administrative-level access to computers in order to convert the system into a botnet.
And researchers warn that this malware is difficult to detect using a typical anti-virus software.
Security vendor Symantec first reported on the renewed rise of Trojan.Viknok this week, whereby Windows PCs are being added to the army of botnets of cyber criminals. The malware has been around for more than a year now, injecting malicious payload into dll files.
It should be noted that altering a system dll is an arduous exploit, one that even a computer administrator is being prevented from changing its core system that is responsible for running the software when Windows restarts.
The Trojan is designed to wrestle administrator control of an operating system from the genuine user and corrupt system files with manipulative malware to redistribute the ad click fraud. This scheme is also not new and has been targeting computer systems for years. Up until now, attackers spurred by the monetary gains of spreading these malicious activities still find ad clicking a lucrative business, albeit nefarious.
One noticeable indication when your computer has been infected by Viknok is the random playing of audio files, according to Symantec. It is actually run by Trojan.Vikadclick that stealthily visits websites in the background playing an audio content.
The Trojan is aimed at infecting particularly the rpcss.dll system file in an attempt to execute the malicious code when Windows starts. It functions like a loader of the malware, and it is usually hard to detect because it is hidden in an encrypted file. Therefore, the process is most often secretive and users are not to be notified about any presence of malware infesting their computers. From all indications that a computer can detect, the malware does not really operate suspiciously.
Good thing if a Trojan of this sort is so designed to display the user account control in order to gain escalated privilege. This way, users will be notified of a malicious activity on their computer. But there are also cases when the user control would appear to be just another rote segment of the whole process, in which case it is likely to be ignored along with the malware.