econoTwist's

Microsoft Spot New Antivirus Blocking Trojan

In Uncategorized on 22.01.11 at 04:05

A new Trojan has been spotted by Microsoft researchers in China that neutralize antivirus products that rely on cloud-based technology. The cloud technology is a relatively new technology, specially used in security software. Upon running, it targets major Chinese AV vendors and other international security brands by blocking their internet access at the network driver layer.

“Engineering it is not trivial.”

Kurt Baumgartner


Of particular concern here is the sophistication of the so-called “Bohu” Trojan, which blocks the cloud-based antivirus software by means of a Windows Sockets service provider interface (SPI) filter, itself made possible by the installation of an NDIS driver. The malware employs social engineering techniques to trick users into executing it.

The use of cloud-based technologies is becoming more prevalent, as traditional antivirus companies adopt techniques that allow them to detect and neutralize malware infestations in minutes rather than in days.

Speaking to eWeek, Kurt Baumgartner, who is a senior malware researcher at Kaspersky Lab acknowledged that engineering it is “not trivial.”

This effectively gives Bohu the ability to perform deep packet inspection on the network data, which it uses to modify search terms sent to sogou.com, and cookies belong to the top search engines.

For now, Microsoft says it has already contacted the affected vendors about the Bohu threat.

More on this story:
article at eWeek
article at Computer Weekly
article at IT Pro

Related:

Microsoft tool now scans for the Zeus Trojan
Security loopholes surfaces on Mac App Store
Zeus Trojan mules used fake names, passports
Evidence of Zeus Trojan found in majority of Fortune 500 companies

Related by The Swapper:

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: