Rakshasa
Posted: August 13, 2012
| Field | Value |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 74 |
| First Seen | August 13, 2012 |
| OS(es) Affected | Windows |
In an interesting case of malware being developed 'because we can,' Rakshasa is a rootkit that was designed to infect the BIOS (Basic Input/Output System) of a PC, hence its secondary classification as a 'BIOSkit.' Although Rakshasa was developed solely for research into the capabilities and limitations of malicious software, Rakshasa's creator asserts that PC threats with Rakshasa's capabilities are well within the grasp of actual criminal programmers. Rakshasa shows no symptoms of its activity, which, as with any rootkit, can be used to compromise the PC in question. While it's unlikely that you'll ever need to delete Rakshasa, rootkits with capabilities similar to Rakshasa's BIOS-compromising features should be removed by suitably sophisticated anti-malware programs that are capable of dealing with such high-level PC threats.
Rakshasa – the Demon That Possesses Your BIOS
Rakshasa takes its name from Indian mythology, where it refers to a shape-shifting race of demons noted for their man-eating qualities. This grotesque label is given to what is, essentially, a rather harmless rootkit: Rakshasa was developed by researcher Jonathan Brossard purely to prove that BIOS-infecting rootkits were possible, and it is therefore not distributed in the wild. Nor has Rakshasa's code been made available to the public, for obvious reasons, and it's unlikely that Rakshasa itself will be a danger to your PC in the future.
In spite of these restrictions, Rakshasa's actual functions are somewhat ominous. Because it compromises the BIOS of an infected PC without any symptoms, Rakshasa's developer claims that Rakshasa is essentially unremovable. While this isn't quite true, the technical difficulty of deleting Rakshasa makes the looming spectre of future rootkits with Rakshasa-like capabilities a not-insignificant threat, and SpywareRemove.com malware researchers can only recommend that you keep up standard web-browsing and anti-malware safeguards in the meantime.
What Else Can Be Made Unholy By Rakshasa's Touch
In addition to its BIOS-infecting features, Rakshasa can also compromise the read-only code of PCI peripherals (such as your CD-ROM drive or network card). The currently documented version of Rakshasa also includes compatibility with over two hundred different types of motherboards, which allows Rakshasa (hopefully, strictly in theory) to affect a wide range of different PCs. Estimates from Mr. Brossard and other PC security experts, including SpywareRemove.com's own malware researchers, note that such vulnerabilities could be used to take over the entire operating system, much in the fashion of an advanced backdoor Trojan.
Since there are no signs that this vulnerability is going away for platforms such as the in-development Windows 8, SpywareRemove.com malware experts recommend that you guard against possible upcoming rootkits with Rakshasa-like capabilities in the same way that you'd ward off any type of malicious software. As always, avoid suspicious websites, keep your web browser heavily secured and keep anti-malware software installed that can block attacks that might download a Rakshasa variant or similar rootkit without your consent.
Maybe the rakshasa support staff didn’t get the memo. Definitely got my money however. Rather than help me with this threat or a similar threat weaponized by the PRC for commercial espionage against me and my company, seems that they would rather tell me and my $450 an hour engineers that they’re much smarter. Oh really?