Panda discovers rootkit functions in new Bagle worm variants

Glendale (CA) - Anti-virus specialist Panda Software today said that newly found versions of the Bagle worm use rootkits to hide their activities on an infected computer. The firm expects that rootkits may become a widely used tool for cyber criminals in the near future.

According to Panda, the Bagle versions carrying rootkits are Bagle HX, Bagle HY and Bagle HZ. Rootkits are typically designed to hide objects such as processes, files or Windows Registry entries. Using this approach, the new variants try to "download files from different Internet addresses" and to "disable a large number of services belonging to security tools, such as antivirus and firewall programs, among others."

The company was not reachable for comment on which files and which specific services are impacted by the recently found Bagle versions.

Luis Corrons, director of Panda Labs, said that the creation and sale of rootkits has in fact already become a "real" business model for malware authors. "Due to their capacity to slip past traditional security solutions and their versatility to hide on the system and carry out all types of malicious actions, rootkits have become an opportune tool for cyber criminals looking to earn them high profits," he was quoted as saying in a prepared statement. "For this reason, it is highly probable that rootkits will become one of the main threats of the Internet."

Rootkits have recently become more visible, with Sony using rootkit-like technology to enforce digital rights management of audio CDs and with reports that the system BIOS could be the target of virus authors looking to hide malware.