Haxdoor, Rootkit Pharming
Haxdoor is one of the most advanced rootkit malware families out there. It is a kernel-mode rootkit, but most of its hooks are in user mode. It actually injects its hooks into user mode from the kernel -- which is really unique and kind of bizarre.
So, why doesn't Haxdoor just hook system calls in the kernel? A recent Secure Science paper has a good explanation for this. Haxdoor is used for phishing and pharming attacks against online banks. Pharming, according to the Anti-Phishing Working Group (APWG), is an attack that misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.

F-Secure : News from the Lab
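One local form of the DNS hijacking the APWG definition refers to is an override in the system hosts file, which maps a bank's hostname to an attacker-controlled address before any DNS query is made. The following is an added example, not code from F-Secure or from the Secure Science paper: a small hosts-file auditor that parses the file and flags any entry that redirects a watched domain (or a subdomain of it). The sample hosts content, the `examplebank.test` domain and the `203.0.113.45` address are constructed for this example.

```python
import ipaddress
from typing import Iterable, Iterator, List, NamedTuple

# Constructed sample of a hosts file that has been tampered with (not from the page).
SAMPLE_HOSTS = """
# Standard loopback entries
127.0.0.1       localhost
::1             localhost
# Legitimate internal entry (constructed)
10.0.0.5        intranet.corp.test
# Pharming overrides (constructed): bank hostnames sent to a rogue proxy
203.0.113.45    www.examplebank.test
203.0.113.45    examplebank.test  login.examplebank.test   # trailing comment
not-an-address  broken.entry.test
"""

# Domains a defender wants to protect; constructed for this example.
WATCHED_DOMAINS = {"examplebank.test"}


class HostsEntry(NamedTuple):
    line_no: int
    ip: str
    hostname: str


def parse_hosts(text: str) -> Iterator[HostsEntry]:
    """Yield one (line, ip, hostname) record per hostname in a hosts file.

    Comments and blank lines are skipped; lines whose first field is not a
    valid IPv4/IPv6 address are ignored rather than treated as data.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field; not a usable mapping
        for host in fields[1:]:
            yield HostsEntry(line_no, fields[0], host.lower().rstrip("."))


def _under_domain(hostname: str, domain: str) -> bool:
    """True when hostname equals domain or is a subdomain of it."""
    return hostname == domain or hostname.endswith("." + domain)


def find_pharming_entries(text: str, watched: Iterable[str]) -> List[HostsEntry]:
    """Return hosts-file entries that override any watched domain.

    A legitimate hosts file should never contain a mapping for a public
    banking domain, so every match is reported regardless of target address.
    """
    watched_lower = [d.lower() for d in watched]
    return [
        entry
        for entry in parse_hosts(text)
        if any(_under_domain(entry.hostname, d) for d in watched_lower)
    ]


if __name__ == "__main__":
    for hit in find_pharming_entries(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"line {hit.line_no}: {hit.hostname} -> {hit.ip} (watched domain overridden)")
```

On a real system the text would be read from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a hit for a banking domain is a strong indicator of local pharming and should be cross-checked against an authoritative resolver before the entry is removed.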