Shifu Banking Trojan Has an Antivirus Feature To Keep Other Malware At Bay
An anonymous reader writes: Shifu is a banking trojan that's currently attacking 14 Japanese banks. Once it has infected a victim's machine, it will install a special module that keeps other banking-related trojans at bay. If this module sees suspicious, malware-looking content (unsigned executables) from insecure HTTP connections, it tries to stop them. If it fails, it renames them to "infected.exx" and sends them to its C&C server. If the file is designed to autorun, Shifu will spoof an operating system "Out of memory" message.
This is the first published report I've seen regarding a technique I've been promoting for a decade: inoculation. If you find an infected machine, take control and fix it. Slashdot commenters universally reply to this technique with sarcasm, warnings of legal action or downright vitriol, but the technique stands as the only way to move forward. The best defense, after all, is an offense, and all current and future planned security activities are reactive in nature. As long as you wait for all the other machines to be patched and comply with security best practices, you will never stop waiting and your services will be under attack.
There was a small script I wrote a number of years back when I first got broadband access at my home. My firewall was being inundated by attacks from the metro loop, so I wrote something that scanned the source IP for well-known exploits. If one was found, it used said exploit to take enough control to put a system-level dialog box up that said "Your machine has been infected by a virus - please fix this immediately", and then listed the virus it used to gain access. This ran for about a month until my provider called me and asked me to desist.
> people will opt to keep the malware that steals the least amount of money, while keeping the most amount of other malware out of their computer
There's already a name for that protection racket: it's called an anti-virus subscription.