'Rootkit + Trojan = Increased danger'
Security firm Sana Security is currently warning users of a new type of programmed malware aimed at stealing usernames and passwords.
The 'rootkit.hearse' malware is more dangerous than earlier types of malware that steal personal information because it applies the 'hiding' techniques of rootkits, which make it extremely difficult to detect.
However, to carry out its intended function, this type of malware must first successfully get onto the user's system. It may still rely on tricking users into downloading malicious scripts, or on other types of malware to infect the computer.
Once it has successfully entered the system, 'rootkit.hearse' immediately sends sensitive user information to a server in Russia.
'Rootkit.hearse' has two components: a trojan that lets it communicate with the server in Russia, and a rootkit that lets it 'hide' from security tools. Security firm Sana discovered that the malware was downloaded along with the Win32.Alcra worm.
'Rootkit.hearse' uses concealment techniques similar to those of Sony BMG Music Entertainment's infamous XCP copyright protection software. This malicious software spends most of its time lying dormant in the operating system, but whenever a user accesses a website that requires authentication, it immediately activates communication with the server in Russia. It automatically reads the username and password and sends them to that server.
As of the end of last Monday, according to Sana's test results, only 5 of the 24 security products were capable of detecting 'rootkit.hearse'.
As of yesterday, servers in Russia contained more than 35,000 usernames and passwords taken from more than 7,000 different websites. Sana has informed Russian Internet service providers so that they can handle this host. However, the company refused to disclose information about that server and Internet service provider.