Trojan horse installs antivirus program

October 25, 2006 at 5:26 am (technews)

In addition to setting up a compromised computer to relay spam, one piece of malicious software also installs Kaspersky Lab’s antivirus program to get rid of competing malicious software.

The culprit is a Trojan horse sometimes called “SpamThru,” according to a write-up by Joe Stewart, a researcher with SecureWorks. “SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code,” Stewart wrote last week.

When it first gets onto a PC, SpamThru connects to a control server and subsequently installs a pirated copy of Kaspersky AntiVirus, Stewart wrote. The system then starts a scan for malicious software, skipping files that it detects are part of its own installation, he wrote.

“SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals,” Stewart wrote. “Any other malware found on the system is then set up to be deleted by Windows at the next reboot.”


2 Comments

  1. Maria said,

    Nice info. Thanks for sharing.

  2. Legostogy said,

    oh yeah, one more thing Sometimes I can’t help but surrender to my crazy note I have a fresh joke for you) Did you hear about the guy who ran through the screen door? He strained himself.
