(Don’t) Meet the Rovnix: an evolved Trojan breed emerges

Microsoft’s Malware Protection Center today reports the discovery of a new breed of the bootkit Rovnix. This Trojan makes changes to your computer so that it downloads and runs other malware every time it starts.

The Malware Protection Center says this type of malware reflects a new trend: Rovnix introduces a private TCP/IP stack, which essentially gives its network communication a new level of stealth.

How do you know if machines in your organization have been infected? Apparently, compromised machines will contact the domain “youtubeflashserver.com”. If a network administrator notices traffic sent to this domain, then most likely those machines have been hit by Rovnix.
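
The network check described above, as an added example that is not part of the original post or Microsoft's tooling: a Python script that scans a DNS query log for lookups of the domain and lists the clients that made them. The log format (`timestamp client_ip query_name type`) and the sample lines are constructed assumptions; adapt the field positions to your resolver's or proxy's log layout.

```python
from collections import defaultdict

IOC_DOMAIN = "youtubeflashserver.com"  # domain named in the article

# Constructed sample DNS query log: "<timestamp> <client_ip> <query_name> <type>"
SAMPLE_LOG = """\
2013-07-25T09:14:02Z 10.0.4.17 www.example.org A
2013-07-25T09:14:05Z 10.0.4.23 YouTubeFlashServer.com. A
2013-07-25T09:14:09Z 10.0.4.17 youtubeflashserver.com.example.net A
2013-07-25T09:15:40Z 10.0.7.8 cdn.youtubeflashserver.com A
2013-07-25T09:16:11Z 10.0.4.23 youtubeflashserver.com A
2013-07-25T09:16:30Z 10.0.9.2 notyoutubeflashserver.com A
malformed line
"""


def matches_ioc(qname, ioc=IOC_DOMAIN):
    """True if qname is the indicator domain or one of its subdomains."""
    # Normalise case and the trailing root dot before comparing labels, so
    # look-alikes such as "not<ioc>" or "<ioc>.example.net" do not match.
    name = qname.strip().rstrip(".").lower()
    return name == ioc or name.endswith("." + ioc)


def suspect_clients(log_text, ioc=IOC_DOMAIN):
    """Map each client IP that queried the indicator to its query timestamps."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        timestamp, client, qname = fields[0], fields[1], fields[2]
        if matches_ioc(qname, ioc):
            hits[client].append(timestamp)
    return dict(hits)


if __name__ == "__main__":
    for client, times in sorted(suspect_clients(SAMPLE_LOG).items()):
        print(f"{client}: {len(times)} lookup(s), first seen {times[0]}")
```

Run it against logs collected on the network side (resolver, proxy or firewall) rather than on the endpoint itself.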

To learn more about Rovnix, how it evolved, how it works and how to get rid of it, head over to the Malware Protection Center blog.

Deborah Pisano
Microsoft News Center Staff