CeidPageLock: A Chinese RootKit
released on 2018-08-31 @ 04:11:33 PM
Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit.
The rootkit was first discovered by 360 Security Center a few months ago, when it was detected trying to tamper with the homepage of a victim’s browser. Indeed, that is exactly what CEIDPageLock is – a browser hijacker. It manipulates the victim’s browser and turns their homepage into a site pretending to be 2345.com – a Chinese web directory.
While already quite sophisticated for a browser hijacker, the new version of the rootkit observed in the wild contains a few notable improvements that make it even more effective. Chief among them is new functionality that monitors the user’s browsing and dynamically replaces the content of several popular Chinese websites with the fake homepage whenever the user tries to visit them.