In terms of malware, what’s the worst thing imaginable? Normally, I’d say it was an undetectable program that just did its nasty job on a user’s PC without drawing attention to itself. Such a “silent insurgent” promises mayhem because it is unlikely to be noticed by an AV scanner until it is too late.
Now imagine a program that can't be detected by any of the best anti-malware programs but which *does* draw attention to itself. Is that really worse? Yes, in a way, because you know it’s there but can’t stop it.
It sounds unlikely, but that is what has happened on one of my test PCs. Used permissively to trawl likely drive-by malware sites, it has become infected with something that randomly redirects web links to Google search results for a whole gamut of dodgy sites, mostly to do with porn and the like.
The redirect IP address is easy enough to spot, and turns out to belong to a domain registered to a site associated with the Russian adware/megatds malware nest. I know the PC is infected, but none of the best security programs I can throw at it seem able to work out what it is, or even to detect it directly at all. Even rootkit scanners turn up nothing.
The next stage is to use a rootkit scanner to identify suspicious processes, plus a trawl of the hard disk and registry to spot unwanted files. None of this is guaranteed to be easy, but it seems like the only way to find a piece of malware against which there appears to be no protection. Meantime, the redirector continues to poke fun at my web browser at every turn.
I’ll work on the assumption that it is a DNS redirection rootkit of some kind. Still fascinating - and concerning - that the latest and greatest rootkit scanners can’t actually see it.
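A quick way to test the DNS-redirection assumption before hunting through processes and the registry is to check the two places DNS-level tampering shows up: the hosts file, and the answers the machine's own resolver gives compared with those from an independent resolver. The script below is an added example for that triage and is not part of the original post. It assumes you can obtain reference answers out of band (for instance `nslookup example.com 8.8.8.8` from a clean machine); the hosts file contents, domain names and addresses in it are constructed sample data using reserved documentation ranges.

```python
"""Triage helpers for a suspected DNS-redirect infection.

Added example, not from the original post. Two checks:
  1. hosts-file overrides that send a well-known name to a routable address;
  2. probe domains whose local resolution shares no address with an
     independent resolver's answer (reference answers gathered out of band).
All sample data below is constructed; 192.0.2.0/24 and 198.51.100.0/24 are
reserved documentation ranges, not real servers.
"""
import ipaddress
import socket

# Constructed hosts file: the first two entries are the normal Windows
# defaults, the third is the kind of override a redirector might plant.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.45      www.example.com   # constructed malicious override
"""

# Constructed resolver answers: what the infected box says versus what an
# independent resolver says. example.net diverges, example.org agrees.
LOCAL_SAMPLE = {
    "www.example.net": {"192.0.2.45"},
    "www.example.org": {"198.51.100.10"},
}
REFERENCE_SAMPLE = {
    "www.example.net": {"198.51.100.20", "198.51.100.21"},
    "www.example.org": {"198.51.100.10", "198.51.100.11"},
}


def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) hosts-file entry."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def suspicious_hosts_entries(mapping):
    """Entries that point a name anywhere other than loopback/unspecified.

    Ad-blockers legitimately sink-hole names to 127.0.0.1 or 0.0.0.0; a
    routable address attached to a well-known site is what a redirect looks
    like. Unparsable addresses are flagged too, since they deserve a look.
    """
    flagged = {}
    for name, ip in mapping.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged[name] = ip
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged[name] = ip
    return flagged


def divergent_resolutions(local, reference):
    """Domains whose local answers share no address with the reference answers.

    CDN-backed sites return different addresses from different vantage points,
    so an empty intersection is a lead to confirm, not proof on its own.
    """
    return {
        d for d in local
        if d in reference and not (local[d] & reference[d])
    }


def resolve_locally(domains):
    """Ask the host's own resolver, i.e. the path the malware would tamper with.

    Live network call; used for real triage, not by the sample run below.
    """
    answers = {}
    for d in domains:
        try:
            answers[d] = set(socket.gethostbyname_ex(d)[2])
        except socket.gaierror:
            answers[d] = set()
    return answers


def triage(hosts_text, local, reference):
    """Combine both checks into one report."""
    return {
        "hosts_overrides": suspicious_hosts_entries(parse_hosts(hosts_text)),
        "divergent": sorted(divergent_resolutions(local, reference)),
    }


if __name__ == "__main__":
    print(triage(HOSTS_SAMPLE, LOCAL_SAMPLE, REFERENCE_SAMPLE))
```

On a real machine, feed `triage` the contents of `%SystemRoot%\System32\drivers\etc\hosts`, the output of `resolve_locally` for a handful of sites that redirect, and reference answers taken from a clean box. `ipconfig /all` shows which DNS servers the adapter is actually using and `ipconfig /displaydns` dumps the resolver cache, both worth a glance at the same time. If the hosts file is clean, the configured servers are the expected ones and the answers agree with the reference, the redirect is being applied above DNS, which points the hunt at the browser and the network stack rather than at name resolution.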