Some users of Windows XP are unable to update their computers to the latest patches and fixes, since their systems are infected with a virus. In a recent report it states that the rootkit infection known as Alureon is the culprit. Patches released on April 16th, 2010 can detect infected machines and will refuse to install the updates. This protection is built in by Microsoft to prevent what is being called an endless loop, which crashes the infected system.
Users who are infected with Alureon rootkit had previously experienced crashing after updates were installed on their infected systems. Naturally the user would blame the update from Microsoft as being the problem, when in fact their systems had been compromised. The article also states that:
Find and fix
The latest batch of updates for Windows was released on 16 April and some of them fix vulnerabilities in the core, or kernel, of Windows. This is the same place that rootkits try to take up residence.
When Alureon is present it monitors net traffic and plucks out user names, passwords and credit card numbers. It also gives attackers a back door into infected machines.
The virus first appeared in 2008 and has been spread via discussion forums, hacked websites and bogus pay-per-click affiliate schemes.
The statement goes on:
By not applying the patch, Microsoft hopes to avoid a repeat of events in February which left many people struggling to get their computer working again.
Microsoft also wants to avoid a situation in which people become wary of updates because they provoke a crash.
It is not yet clear how many people have been left without the updates.
Microsoft urged those who are infected to ensure their machine is cleaned of the rootkit. It recommended using its malware removal tool or using rootkit detectors from other security companies.
Many modern security packages have them built in and will find rootkits when a machine is scanned.
What is always surprising to me is that with the multitude of free anti-virus programs such as those from AVG, Avast, Avira. and others that folks are still struggling with infections. If you are one of those infected may I recommend using a free program to cleanup your computer. It is really that simple.
Comments as always are welcome.