[pchelpers] News:Spam Trojan Installs Own Anti-Virus Scanner
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Mon, 23 Oct 2006 08:09:32 +1300
Ryan Naraine - eWEEK Fri Oct 20, 1:03 PM ET
Veteran malware researcher Joe Stewart was fairly sure he'd seen it all
until he started poking at the SpamThru Trojan—a piece of malware
designed to send spam from an infected computer.
The Trojan, which uses peer-to-peer technology to send commands to
hijacked computers, has been fitted with its own anti-virus scanner—a
level of complexity and sophistication that rivals some commercial software.
"This is the first time I've seen this done. [It] gets points for
originality," says Stewart, senior security researcher at SecureWorks,
in Atlanta, Ga.
"It is simply to keep all the system resources for themselves—if they
have to compete with, say, a mass-mailer virus, it really puts a damper
on how much spam they can send," he added.
Most viruses and Trojans already attempt to block anti-virus software
from downloading updates by tweaking the hosts file to point the
anti-virus update sites to the localhost address.
Malicious hackers battling for control over an infected system have also
removed competing malware by killing processes, removing registry keys,
or setting up mutexes that fool the other malware into thinking it is
already running and then exiting at start.
But, as Stewart discovered during his analysis, SpamThru takes the game
to a new level, actually using an anti-virus engine against potential
rivals.
More here:
http://news.yahoo.com/s/zd/191975;_ylt=A9G_RydKkDtFOE4BCCAjtBAF;_ylu=X3oDMTA0cDJlYmhvBHNlYwM-
--
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 112663246
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
Order my latest e-book at http://modecideas.com/dmaxhits.htm?sig
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
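
The hosts-file trick mentioned in the article can be checked for from the defender's side. The following is an added example, not code from the article or from the SecureWorks analysis: it scans hosts-file text for watched update hostnames pinned to a loopback or unspecified address. The watched suffixes and the sample file are constructed placeholders, not real vendor domains.

```python
import ipaddress

# Constructed watch list: placeholder update hostnames, not real vendor domains.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.scanner.example")
# Names a stock hosts file legitimately maps to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_sinkhole(addr_text):
    """True if the address is loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        addr = ipaddress.ip_address(addr_text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def is_watched(name):
    """Match the suffix itself or any subdomain of it, never a mere string suffix."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_blocked_update_hosts(hosts_text):
    """Return (line_no, address, hostname) for watched names pinned to a sinkhole address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")  # hostnames are case-insensitive
            if name not in BENIGN_NAMES and is_watched(name):
                findings.append((line_no, fields[0], name))
    return findings


# Constructed sample hosts file content.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   Download.AV-Vendor.example  liveupdate.av-vendor.example.
0.0.0.0     updates.scanner.example   # trailing comment
# 127.0.0.1 old.av-vendor.example
192.0.2.10  intranet.corp.example
127.0.0.1   notav-vendor.example
"""

if __name__ == "__main__":
    for line_no, addr, name in find_blocked_update_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On a live Windows system the text to scan would come from `%SystemRoot%\System32\drivers\etc\hosts`, and the watch list would hold the update hostnames of the anti-virus products actually deployed.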
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig