Shifu Banking Trojan Has an Antivirus Feature To Keep Other Malware At Bay
An anonymous reader writes: Shifu is a banking trojan that's currently attacking 14 Japanese banks. Once it has infected a victim's machine, it will install a special module that keeps other banking-related trojans at bay. If this module sees suspicious, malware-looking content (unsigned executables) from unsecure HTTP connections, it tries to stop them. If it fails, it renames them to "infected.exx" and sends them to its C&C server. If the file is designed to autorun, Shifu will spoof an operating system "Out of memory" message.
"Shifu" isn't the Japanese word for "thief", it's just the romanized word "thief". It's about as intelligent as saying that the Japanese word for "basketball" is "basukettobooru."
IBM's X-Force either thinks they're being funny or clever, and it's really neither.
"Mod, mod, mod...and another troll bites the dust."
If this was 20 years ago, such things were both possible and actually not all that hard. Windows 95 allowed just about anyone to whip up a system modal dialog box. And I think there was a way to create one over port 139 using SMB.
John