October 26th, 2006 @ 6:21 pm
its my box now!
Spam Trojan Installs Own Anti-Virus Scanner
The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software.At start-up, the Trojan requests and loads a DLL from the author’s command-and-control server.
This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system.
It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said.
Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation.
“Any other malware found on the system is then set up to be deleted by Windows at the next reboot,” he added.
so…
now malware companies are gonna start fighting over zombie computers, installing haxed anti-virus software to get rid of the competition on the box, so they can eat up its resources for themselves.
via Boing Boing: Malware kills competitors with anti-virus warez
