Rootkits Galore

What could be worse than a virus? A rootkit! Yes, those nasty little pieces of arbitrary code which weave themselves so deep into the operating system that the only way to remove them is to completely reinstall Windows.

This past week my dad has been complaining of slowdowns on his laptop. I initially thought it was just a crappy program constantly crashing or some spyware. A NOD32, Ad-Aware, Spybot Search & Destroy, and Microsoft AntiSpyware scan later, I was confident that what was slowing down his system was neither spyware nor a virus. A quick look at the Task Manager revealed that the msiexec.exe process was consuming the CPU. Shutting down the process only caused the 100% CPU utilization to shift to another core Windows process, with msiexec.exe returning at full steam a few minutes later.

This behavior was quite odd, so I decided to run RootkitRevealer. Once the scan was complete, the results were as clear as day: my dad’s laptop was hosed. So my only option was to completely reinstall the system.

Now you’re probably wondering how this could happen. My dad is a security-conscious person and doesn’t randomly open email attachments. He even examines each and every SSL certificate on secure web pages. He’s not the kind of person to let something slip by on the computer unnoticed. On top of that, he doesn’t even use the laptop for anything but web browsing. So I’ve come up with two scenarios which I think are plausible. I’ll never know for a fact, but at least I can sleep easier.

The first possibility is that during a recent reinstall of Windows on my dad’s laptop (the last one was a couple of months ago), a worm slipped into the system during that window when you’re downloading all the updates and your computer is vulnerable. The worm would have had to lie dormant until recently to go undetected for so long. Because of that, I doubt this was the case, but like I said before, we’ll never know.

The second possibility is that my dad browsed to a website that exploited the WMF flaw. Since my dad told me he hasn’t used his laptop much since the beginning of January, and right at the beginning of January he was doing a lot of Google searches (during the WMF flaw’s prime), I’m guessing this was the case.

It’s just plain wrong that a security-conscious person can be infected simply by doing nothing. I’ll agree that we can’t blame Microsoft for the rootkit, but they’re surely responsible for withholding the patch to the Windows Metafile flaw. If the WMF flaw was the method of infection, Microsoft is one hundred percent to blame. They could have released the patch earlier, possibly preventing this from occurring.

People just can’t keep on accepting this as a regular event. They need to do something about it. Raise hell at Microsoft, switch to another operating system, just something which shows you’re not putting up with this crap. I know my dad expressed to me a few times now that instead of upgrading to Vista later this year, he’s going to be making the switch to Mac. Maybe not right away, but sometime after that. That’s the kind of action people need to take. I’m not saying Mac is right for everyone, but just don’t put up with this crap Microsoft is giving you. Fight back; you don’t have to live with the constant runaround Microsoft is giving you.

6 Comments

  1. You.... on Jan 30, 2006 at 4:11 am:

    Did your father play one of those dreaded Sony BMG music CDs during 2005? If so, then he probably got the rootkit infection that way.

  2. Wayland Smithers on Jan 30, 2006 at 6:24 am:

    You would not get infected if you are behind a router while using Windows Update. It is more likely he visited some bad site. Which browser was he using? Maybe you should switch him to an operating system that is harder to mess up (i.e. Linux)?

  3. cavemonkey50 on Jan 30, 2006 at 6:28 am:

    You…., he doesn’t play CDs on the computer, so it’s not a Sony rootkit.

    Wayland, he alternates between Firefox and Internet Explorer. He tries to use Firefox all the time, but certain websites related to his business require ActiveX.

  4. Jonathan on Jan 30, 2006 at 12:33 pm:

    Wayland, remember where the name rootkit comes from. They originate from *NIX.

  5. Wayland Smithers on Jan 30, 2006 at 8:34 pm:

    Well Jonathan, how many people run their Linux boxes as root for everyday tasks? Most computers come with their users set as an administrator. Although rootkits are found on Linux, I am sure that there are more Windows computers infected with them.

  6. Jonathan on Jan 30, 2006 at 8:40 pm:

    You should read the Wikipedia entry on rootkit, as you don’t need to be root to be affected by one: programs like ‘ps’ can be a rootkit, and it disguises itself and keeps a root account available to the hacker and such.
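The detection principle behind the RootkitRevealer scan in the post and Jonathan’s point about a trojaned ‘ps’ is the same one: enumerate the system through a low-level source and through the normal tool, and anything that shows up only in the low-level view has been hidden. RootkitRevealer does this on Windows by comparing Windows API results against its own parsing of the raw registry hives and NTFS volume. The script below is an added example, not code from this post or from Sysinternals; it applies the same cross-view check on Linux by comparing the /proc directory listing with the output of `ps -e`. The sample ps output and /proc listing are constructed, and all function names are my own.

```python
# Added example (not from the post or from Sysinternals): a "cross-view" check of
# the kind RootkitRevealer performs, reduced to one view pair on Linux. The trusted
# view is the /proc directory listing (kernel-backed); the untrusted view is the
# output of `ps`, which a user-space rootkit may have replaced to hide its own
# processes. Sample data below is constructed, not captured from a real machine.
import os
import re
import subprocess
from typing import Iterable

# `ps -e` prints a header line ("  PID TTY ... CMD") followed by one process
# per line, PID first. The header has no leading digits, so it is skipped.
PS_LINE = re.compile(r"^\s*(\d+)\s")


def parse_ps_pids(ps_output: str) -> set[int]:
    """PIDs reported by `ps -e`-style output."""
    pids: set[int] = set()
    for line in ps_output.splitlines():
        match = PS_LINE.match(line)
        if match:
            pids.add(int(match.group(1)))
    return pids


def parse_proc_pids(entries: Iterable[str]) -> set[int]:
    """PIDs from a /proc directory listing: every all-digit entry is a process."""
    return {int(name) for name in entries if name.isdigit()}


def hidden_processes(kernel_view: set[int], tool_view: set[int]) -> set[int]:
    """Processes the kernel knows about that the user-space tool did not report."""
    return kernel_view - tool_view


def confirm_hidden(snapshots: list[tuple[set[int], set[int]]]) -> set[int]:
    """Reduce false positives from processes that exit between the two listings:
    a PID counts as hidden only if it is in the kernel view and missing from the
    tool view in every snapshot taken."""
    if not snapshots:
        return set()
    hidden = hidden_processes(*snapshots[0])
    for kernel_view, tool_view in snapshots[1:]:
        hidden &= hidden_processes(kernel_view, tool_view)
    return hidden


def take_snapshot() -> tuple[set[int], set[int]]:
    """Live Linux snapshot: /proc listing plus the installed `ps` binary's view."""
    kernel_view = parse_proc_pids(os.listdir("/proc"))
    ps = subprocess.run(["ps", "-e"], capture_output=True, text=True, check=True)
    return kernel_view, parse_ps_pids(ps.stdout)


# Constructed sample: PID 4242 exists in /proc but a trojaned ps omits it.
SAMPLE_PS_OUTPUT = """\
  PID TTY          TIME CMD
    1 ?        00:00:02 init
    2 ?        00:00:00 kthreadd
  100 ?        00:00:11 sshd
"""
SAMPLE_PROC_LISTING = ["1", "2", "100", "4242", "cpuinfo", "meminfo", "self", "sys"]


def sample_scan() -> set[int]:
    """Run the check over the constructed sample, using two identical snapshots."""
    snap = (parse_proc_pids(SAMPLE_PROC_LISTING), parse_ps_pids(SAMPLE_PS_OUTPUT))
    return confirm_hidden([snap, snap])


if __name__ == "__main__":
    print("sample scan, hidden PIDs:", sorted(sample_scan()))
    if os.path.isdir("/proc"):
        live = confirm_hidden([take_snapshot(), take_snapshot()])
        print("live scan, PIDs /proc knows but ps omitted:", sorted(live))
```

Two caveats that apply equally to RootkitRevealer-style scans: short-lived processes that exit between the two listings produce one-off discrepancies, which is why the check is repeated and only persistent gaps are reported; and a kernel-mode rootkit that filters the /proc directory itself hides from both views, so the "trusted" side only stays trusted for as long as it comes from something the attacker has not also subverted. That is the reason RootkitRevealer reads raw hive and filesystem structures rather than asking the same APIs a rootkit would hook.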
