A new Trojan that neutralizes antivirus products relying on cloud-based technology has been spotted by Microsoft researchers in China. Cloud-based detection is a relatively new technology in security software. Upon running, the Trojan targets major Chinese AV vendors and other international security brands by blocking their internet access at the network driver layer.
“Engineering it is not trivial.”
Of particular concern here is the sophistication of the so-called “Bohu” Trojan, which blocks the cloud-based antivirus software by means of a Windows Sockets service provider interface (SPI) filter, itself made possible by the installation of an NDIS driver. The malware employs social engineering techniques to trick users into executing it.
The use of cloud-based technologies is becoming more prevalent, as traditional antivirus companies adopt techniques that allow them to detect and neutralize malware infestations in minutes rather than in days.
This effectively gives Bohu the ability to perform deep packet inspection on network data, which it uses to modify search terms sent to sogou.com and cookies belonging to the top search engines.
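A Winsock SPI filter of the kind described above has to be registered in the Winsock catalog, which `netsh winsock show catalog` lists. The following script is an added example, not Microsoft's or the article's code: it parses that output (field labels assumed from the netsh format) and flags layered service providers or provider DLLs outside System32, the two signs a defender would check. The catalog text embedded here is constructed sample data.

```python
import re
import subprocess
import sys
from typing import Dict, List, Tuple

# Constructed sample in the shape of `netsh winsock show catalog` output:
# one stock base provider plus one constructed layered provider (LSP)
# whose DLL lives outside System32. GUIDs and paths are placeholders.
SAMPLE_CATALOG = """\
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example filter (constructed)
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\\ProgramData\\example\\filter.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              0
"""

# Directories a legitimate Winsock provider DLL is expected to live in (assumption).
TRUSTED_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Split netsh-style catalog output into one {field: value} dict per entry."""
    entries = []
    for chunk in re.split(r"Winsock Catalog Provider Entry\s*\n-+\n", text):
        fields = dict(re.findall(r"^([A-Za-z ]+):\s+(.*?)\s*$", chunk, re.M))
        if fields:
            entries.append(fields)
    return entries


def suspicious_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Return (catalog id, description, reasons) for entries worth a closer look."""
    flagged = []
    for e in entries:
        reasons = []
        path = e.get("Provider Path", "").lower()
        if e.get("Entry Type", "").startswith("Layered"):
            reasons.append("layered service provider (Winsock SPI filter) registered")
        if path and not path.startswith(TRUSTED_DIRS):
            reasons.append(f"provider DLL outside System32: {path}")
        if reasons:
            flagged.append((e.get("Catalog Entry ID", "?"), e.get("Description", "?"), reasons))
    return flagged


if __name__ == "__main__":
    text = SAMPLE_CATALOG  # on Windows, read the live catalog instead
    if sys.platform == "win32":
        text = subprocess.run(["netsh", "winsock", "show", "catalog"],
                              capture_output=True, text=True).stdout
    for entry_id, desc, reasons in suspicious_entries(parse_catalog(text)):
        print(f"[{entry_id}] {desc}: " + "; ".join(reasons))
```

A flagged entry is a lead, not a verdict: some legitimate security products register LSPs too, so confirm the DLL's publisher and signature before removing anything.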
For now, Microsoft says it has already contacted the affected vendors about the Bohu threat.