Microsoft has second go at killing rootkit

Software giant Microsoft is finding that a mutating rootkit is proving about as difficult to kill as Jason in the Friday the 13th series.

For the second time in a month, Redmond has released a security update aimed at a rootkit that has blocked some Windows users from installing security updates.

According to the Microsoft Malware Prevention Centre, this month’s Malicious Software Removal Tool has cleaned the Alureon rootkit from over 360,000 Windows PCs since May 11.

This is 18.2 percent of all detections for the month, more than double the 8.3 percent the rootkit accounted for in April.

Redmond had a crack at dealing with the rootkit last month when its software tool had some Alureon snuffling gear. This removed the rootkit from more than 260,000 Windows computers. The Alureon rootkit was spotted by Symantec in October 2008; however, last year Microsoft confirmed that the rootkit caused infected PCs to crash when users applied a patch the company issued that month.

Microsoft used the Alureon detection again in April when it shipped another Windows kernel patch in the MS10-021 update.

Until Alureon is removed, infected systems cannot apply security updates MS10-015 and MS10-021.

It is hard to detect an Alureon infection. Some keyboards go bonkers and other Windows XP machines must be reactivated because the rootkit tricks Microsoft’s product activation software into thinking that the user has swapped out one or more PC parts.

It is mostly Windows XP machines that are attacked by the rootkit. Almost two-thirds of the PCs infected with Alureon this month were running Windows XP Service Pack 3 (SP3), and more than 14 percent were running Windows XP SP2. Less than 3.5 percent of the rootkit-infected PCs were running Windows 7.


Everyone knows that you kill such monsters with fire.