Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Spam Trojan Installs Own Anti-Virus Scanner

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News
View previous topic :: View next topic  
Author Message
quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 Mar 2012
Posts: 768
Location: Virginia, USA

PostPosted: Tue Oct 24, 2006 6:16 am    Post subject: Spam Trojan Installs Own Anti-Virus Scanner Reply with quote

Quote:
...the SpamThru Trojan—a piece of malware designed to send spam from an infected computer. The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software...Malicious hackers battling for control over an infected system have also removed competing malware by killing processes, removing registry keys, or setting up mutexes that fool the other malware into thinking it is already running and then exiting at start....SpamThru takes the game to a new level, actually using an anti-virus engine against potential rivals.

At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license...Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation...


http://www.eweek.com/article2/0,1895,2034680,00.asp
_________________
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Back to top
View user's profile Send private message
franthy
Junior Member


Joined: 09 Aug 2006
Last Visit: 25 Feb 2008
Posts: 40
Location: Denmark

PostPosted: Tue Nov 14, 2006 11:48 am    Post subject: Reply with quote

Hi Smile

FYI

Here is some Statistics on SpamThru :

# 1: http://www.secureworks.com/analysis/spamthru/

# 2 (latest): http://www.secureworks.com/analysis/spamthru-stats/?WT.svl=bestoftheweb1

With kind regards
Franthy
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group