Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    More Nefarious Strain of Zacinlo Malware Infecting Windows 10 Machines

    By
    WAYNE RASH
    -
    June 19, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Zacinlo malware upgrade

      A description of the latest version of the Zacinlo malware sounds like a nightmare scenario for your security team. It’s rootkit malware that installs itself on the lowest levels of Windows where detection is extremely difficult to detect. 

      Even if it’s detected Zacinlo disables anti-virus and anti-malware packages so it can’t be quickly purged from the system.  It also writes itself into the Windows registry so attempts to remove it by rebooting or even reinstalling Windows won’t get rid of it. 

      Once Zacinlo gets into your system, it uploads your system information to its command and control server which then commands it to remove anything that’s considered a threat. This will include any AV packages, but also anything that competes with its core adware mission as well as any other software that might interfere with its operation. 

      Once Zacinlo is in your system, it begins serving ads to your desktop that simply appear, and about which you can do nothing. Meanwhile, in the background it’s running a browser with no user interface, so it can quietly click on links you can’t see, which can be used for ad fraud, but also to install other malware. 

      Meanwhile, Zacinlo is quietly snapping screen captures and sending whatever is on your screen to its command and control server. While it’s sending data to its servers, the malware also has the ability to set up a man-in-the-middle operation in your computer, so it can siphon off things like logins and passwords as well as banking information. If that’s not enough, it can redirect browser requests, taking you to fake web pages.  

      Zacinlo has actually been around for a few years, but got little attention because it was hard to spot so victims frequently didn’t know they were infected. They just saw ads mysteriously appear. It also hadn’t morphed into malware. But now it was recently upgraded to specifically target Windows 10, where it hides deep down in the operating system. 

      Adam Kujawa, Director of Malware Intelligence at Malwarebytes says that his team has been keeping an eye on Zacinlo for a while now. He also said that it’s going to get worse. 

      “While currently the biggest example of adware with rootkit functionality, it is none the less going to be copied by other [malware developers] in the near future, based on what we’ve seen historically from adware creators taking each other’s ideas,” Kujawa said in an email to eWEEK. 

      He said that anti-malware and antivirus companies re putting increasing pressure on creators of adware and now malware. “As more and more security solution providers start acknowledging Potentially Unwanted Programs (PUPs) as things to detect and remove, many adware and PUP developers have had to consolidate efforts,” Kujawa said.  

      “This has led to an emergence of more dangerous and persistent adware that is more difficult for the user to remove. This in turn, has so far been used for things like pointing a browser to an advertisement owned by the criminal, which is a kind of ‘third-party’ revenue stream for the criminals, versus ransoming files or stealing credit card information.” 

      Kujawa said that Zacinlo needs to be taken seriously. “Despite it’s seemingly benign threat to users, Zacinlo and other similar threats, contain the ability to install additional malware on the system.” 

      Currently the best known means of transmitting the Zacinlo malware is as part of the payload for a fake VPN package. The package looks like a VPN client, but doesn’t actually do anything except install the malware. However, there are likely other means of spreading this malware beyond the fake VPN. 

      Once it’s installed in your system, Zacinlo is nearly impossible to detect, but fortunately, it takes a little while for that to happen. “Malwarebytes can detect and remove the adware (adware.5hex) threat once identified, however, this particular malware updates itself so frequently and keeps such a close eye on how security solutions are stopping it, that being able to ensure identification and removal of the rootkit at any time is difficult to promise, especially once the rootkit has been had time to ‘dig in’ to the system.” 

      The Symantec labs have also been investigating Zacinlo, and right now they’re holding off on providing details, but if it turns out that you have this malware (or other malware that’s difficult to remove) there is a solution.

      “We are still investigating the samples to get a better understanding of the malware,” a spokesperson for Symantec said to eWEEK in an email. “While we haven’t confirmed for Zacinlo yet, a rootkit malware usually can’t survive a disk reformat and system reinstall,” the Symantec spokesperson said.   

      Users can also try a rescue tool like Norton Bootable Recovery Tool (NBRT)  to detect and remove rootkit malware if the AV product is rendered unusable by the malware. 

      What this means is that a rootkit malware infection leaves you few options. You can possibly kill it with anti-malware if you find it as soon as it arrives on your system. Or you can reformat your hard disk and do a clean install of Windows. If you’ve backed up your data, this isn’t necessarily hard, it’s just time consuming. Just be aware that you can’t do a restore from a system image, because that image is probably going to have the malware, too. 

      Or, finally, you can run Symantec’s NBRT, which uses a form of Linux to boot up your system and then has software that will examine your disk for rootkit malware. 

      Of course this all may have been prevented by practicing good computer hygiene, and by making sure your firewall is set so that Zacinlo can’t communicate with its command and control servers. Blocking off its access to the outside world will also keep Zacinlo from getting started in the first place.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×