Slashdot Mirror


Trojan Installs Anti-Virus, Removes Other Malware

An anonymous reader writes "SpamThru takes the game to a new level. The new virus uses an anti-virus engine to remove potential 'rival' infectious code." From the article: "At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation."

5 of 202 comments

  1. Coming up next... by Kjella · Score: 5, Interesting

    ...plenty of other crapware removing that virus. Seeing how much of that crap can coexist on one machine, I imagine these people will be forced back in line. And I don't think anything like a "civil war" fought on users' computers will be good for the users either.

    --
    Live today, because you never know what tomorrow brings

  2. Re:This is great! by UPi · Score: 5, Interesting

    I was wondering how long before this actually happened. Back when my web server was under a barrage of malformed requests from infected IIS installations, I had the urge to create a script which would retaliate by exploiting, gaining access and patching the zombified computer... or at least, shut it down.

    While I never actually did this, mostly due to lack of time and for fear of a possible lawsuit, it was certainly possible. So now it's a reality, thanks to... whoever. I think it's a Good Thing.

  3. Re:A wise move by Pharmboy · Score: 5, Interesting

    Actually, I am waiting for the BSA to come in and sue the people whose machines were "infected" with this pirated version of Kaspersky AV software. The BSA poses a greater threat than the spyware that was removed.

    User: "I didn't install it! I swear!"
    BSA: "Yeah, right, it just installed itself...."

    --
    Tequila: It's not just for breakfast anymore!

  4. Says a lot about Kaspersky... by Arkan · Score: 5, Interesting

    ... if virus authors are confident enough to use it as a means to eradicate competition! This guy put enough faith in this AV to use it as defense on a compromised system. It kind of implicitly confesses that, had the machine been protected by Kaspersky, it couldn't have been compromised.

    Obligatory conspiracy theory: could it be a publicity stunt from Kaspersky themselves? Naaah, I'm certainly too paranoid.

    --
    Arkan, who doesn't care anyway, as long as you can't patch a DLL in-memory... on GNU/Linux

  5. Art imitates life by digitalhermit · Score: 5, Interesting

    In biology, we hear that it's generally not good to regularly use some types of anti-bacterial cleansers. After a while they start wiping out the good or innocuous types, leading to proliferation of the undesirable types. My lawn guy says the same thing about some types of weeds; apparently they keep other, larger and hardier weeds from getting a stronghold. It's funny that in the future this may be how viruses are combated in electronic devices.