Shifu Banking Trojan Has an Antivirus Feature To Keep Other Malware At Bay
An anonymous reader writes: Shifu is a banking trojan that's currently attacking 14 Japanese banks. Once it has infected a victim's machine, it will install a special module that keeps other banking-related trojans at bay. If this module sees suspicious, malware-looking content (unsigned executables) from unsecure HTTP connections, it tries to stop them. If it fails, it renames them to "infected.exx" and sends them to its C&C server. If the file is designed to autorun, Shifu will spoof an operating system "Out of memory" message.
Microsoft ought to issue one last update for XP to replace IE's "this site is broken and sucks shit" message with "this browser is broken and you need to upgrade to access secure sites".
That's the only way I'll ever be able to remove support for XP's https implementation from my servers (or until 2020 or so when the last of the XP boxes finally have their hard drive fail and a new computer is bought).
If I have been able to see further than others, it is because I bought a pair of binoculars.
This is the first published report I've seen regarding a technique I've been promoting for a decade. Inoculation. If you find an infected machine, take control and fix it. Slashdot commenters universally reply to this technique with sarcasm, warnings of legal action or downright vitriol but the technique stands as the only way to move forward. The best defense after all is an offense and all current and future planned security activities are reactive in nature. As long as you wait for all the other machines to be patched and comply with security best practices, you will never stop waiting and your services will be under attack.
There was a small script I wrote a number of years back when I first got broadband access at my home. My firewall was being inundated by attacks from the metro loop so I wrote something that scanned the source IP for well-known exploits. If one was found, it used said exploit to take enough control to put a system level dialogue box up that said "Your machine has been infected by a virus - please fix this immediately", and then listed the virus it used to gain access. This ran for about a month until my provider called me and asked me to desist.
I have been looking for a good antivirus for a while now. Is this free and where can I download it? //Signed//
A Concerned User
Very interesting!
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
"Shifu" isn't the Japanese word for "thief", it's just the romanized word "thief". It's about as intelligent as saying that the Japanese word for "basketball" is "basukettobooru."
IBM's X-Force either thinks they're being funny or clever, and it's really neither.
"Mod, mod, mod...and another troll bites the dust."
Shifu is used in several Chinese dialects to express respect for someone's skill, for example by students of martial arts as a way of addressing their master.
"I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
Yeah, but which one keeps McAfee out?
> people will opt to keep those malwares that steal the least amount of money, while keeping the most amount of other malware out of their computer
There's already a name for that protection racket, it's called an anti-virus subscription.
Kinda reminded me of Welchia from 2003. It infected computers and patched them: https://en.wikipedia.org/wiki/...