Microsoft Spots New Antivirus-Blocking Trojan

Microsoft researchers in China have spotted a new Trojan that neutralizes antivirus products that rely on cloud-based technology. Cloud technology is relatively new, especially in security software. Upon running, the Trojan targets major Chinese AV vendors and other international security brands by blocking their internet access at the network driver layer.

“Engineering it is not trivial.”

Kurt Baumgartner

Of particular concern here is the sophistication of the so-called “Bohu” Trojan, which blocks the cloud-based antivirus software by means of a Windows Sockets service provider interface (SPI) filter, itself made possible by the installation of an NDIS driver. The malware employs social engineering techniques to trick users into executing it.

The use of cloud-based technologies is becoming more prevalent, as traditional antivirus companies adopt techniques that allow them to detect and neutralize malware infestations in minutes rather than in days.

Speaking to eWeek, Kurt Baumgartner, a senior malware researcher at Kaspersky Lab, acknowledged that engineering it is “not trivial.”

This effectively gives Bohu the ability to perform deep packet inspection on the network data, which it uses to modify search terms sent to, and cookies belonging to, the top search engines.

For now, Microsoft says it has already contacted the affected vendors about the Bohu threat.

More on this story:
article at eWeek
article at Computer Weekly
article at IT Pro

