Trojan Installs Anti-Virus, Removes Other Malware
An anonymous reader writes "SpamThru takes the game to a new level. The new virus uses an anti-virus engine to remove potential 'rival' infectious code." From the article: "At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation."
...plenty of other crapware removing that virus. Seeing how much of that crap can coexist on one machine, I imagine these people will be forced back in line. And I don't think anything like a "civil war" fought on users' computers will be good for the users either.
Live today, because you never know what tomorrow brings
I was wondering how long it would be before this actually happened. Back when my web server was under a barrage of malformed requests from infected IIS installations, I had the urge to create a script which would retaliate by exploiting the zombified computer, gaining access and patching it... or at least shutting it down.
While I never actually did this, mostly due to lack of time and for fear of possible lawsuit, it was certainly possible. So now it's a reality, thanks to... whoever. I think it's a Good Thing.
Actually, I am waiting for the BSA to come in and sue the people whose machines were "infected" with this pirated version of Kaspersky AV software. The BSA poses a greater threat than the spyware that was removed.
User: "I didn't install it! I swear!"
BSA: "Yea right, it just installed itself...."
Tequila: It's not just for breakfast anymore!
... if virus authors are confident enough to use it as a means to eradicate the competition! This guy put enough faith in this AV to use it as a defense on a compromised system. It kind of implicitly confesses that, had the machine been protected by Kaspersky, it couldn't have been compromised.
Obligatory conspiracy theory: could it be a publicity stunt from Kaspersky themselves? Naaah, I'm certainly too paranoid.
--
Arkan, who doesn't care anyway, as long as you can't patch DLLs in memory... on GNU/Linux
In biology, we hear that it's generally not good to regularly use some types of anti-bacterial cleansers. After a while they start wiping out the good or innocuous types, leading to proliferation of the undesirable types. My lawn guy says the same thing about some types of weeds; apparently they keep other, larger and hardier weeds from getting a stronghold. It's funny that in the future this may be how viruses are combated in electronic devices.
"Second, it installs anti-virus software that chews up computing resources without doing anything useful."
I wouldn't say that. I must say that in principle I am against all software which you can't control and know the nature of, but if you've gotten infected by this then you may well have gotten infected by a whole host of other viruses - so this seems like a good thing.
I can't believe it's not a hyperlink.