Malware That Kills Competitors
Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer.
The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software.
"This is the first time I've seen this done. [It] gets points for originality," says Stewart, senior security researcher at SecureWorks, in Atlanta, Ga.
"It is simply to keep all the system resources for themselves—if they have to compete with, say, a mass-mailer virus, it really puts a damper on how much spam they can send," he added.
Most viruses and Trojans already attempt to block anti-virus software from downloading updates by tweaking the hosts file to point the anti-virus update sites to the localhost address.
Malicious hackers battling for control over an infected system have also removed competing malware by killing processes, removing registry keys, or setting up mutexes that fool the other malware into thinking it is already running and then exiting at start.
But, as Stewart discovered during his analysis, SpamThru takes the game to a new level, actually using an anti-virus engine against potential rivals.
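The hosts-file tampering described above leaves a simple artifact that a defender can check for. The following is an added example, not code from the article or from SecureWorks: it parses a hosts file and reports watchlisted update hostnames mapped to a loopback or unspecified address. The watchlist names and the sample file are constructed placeholders.

```python
import ipaddress

# Constructed watchlist: placeholder names standing in for real AV update hosts.
WATCHLIST = {"update.av-vendor.example", "definitions.av-vendor.example"}

# Constructed sample hosts file with two tampered entries (lines 4 and 5).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # injected
0.0.0.0         Definitions.AV-Vendor.example www.intranet.example
10.0.0.5        fileserver.corp.example
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not an address entry
    return ip.is_loopback or ip.is_unspecified

def find_blocked_update_hosts(hosts_text, watchlist=WATCHLIST):
    """Return (line_number, address, hostname) for watchlisted names that are sinkholed."""
    watch = {name.lower().rstrip(".") for name in watchlist}
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop trailing comments, then split into address + one or more names.
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2 or not is_sinkhole(entry[0]):
            continue
        for name in entry[1:]:
            # Hostnames are case-insensitive; a trailing dot is equivalent.
            if name.lower().rstrip(".") in watch:
                findings.append((lineno, entry[0], name))
    return findings

if __name__ == "__main__":
    for lineno, addr, name in find_blocked_update_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On a real system the input would be the contents of the hosts file itself, and the watchlist would hold the update hostnames of the anti-virus products actually deployed.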