New fraudulent adware uses rootkit techniques

PandaLabs has detected VideoCach, a new adware specimen designed to fraudulently promote certain security applications. Its novelty is that it uses rootkit techniques. Rootkits are programmes designed to hide files or processes running on a computer, which makes malicious code that uses rootkit techniques more difficult to detect.

VideoCach creates shortcuts on the desktop and displays false infection alerts. It also opens Internet Explorer windows falsely telling users that there is malware installed on the computer.

This adware includes links to web pages from which dubious security applications can be downloaded or bought. When run, these tools scan computers, although the results are at best dubious. They normally detect inoffensive cookies as malware, or report unimportant errors, such as Windows registry entries referring to a nonexistent file.

In any event, the application displays messages warning users of a security risk and demanding money in order to eliminate the threats detected.

According to Luis Corrons, technical director of PandaLabs: “the real problem is the way they are promoted, using malicious code such as VideoCach and scaring users with reports of non-existent infections. Under no circumstances should users download applications through pop-up ads, or shortcuts that suddenly appear on the desktop”.

The creators of this adware are frequently changing the web pages that the ads and shortcuts displayed by VideoCach point to. “In general, the creators of these threats normally get a percentage of each sale. That’s why they normally promote several applications at the same time”, explains Luis Corrons.