Trojan built to disable cloud antivirus

Powered by SC Magazine
 

Crafty Chinese malware writers.

Microsoft has discovered a Trojan that aims to sever the connection between a device and the cloud antivirus (AV) service that is meant to protect it.

The Bohu Trojan, which targets Windows machines, contains three main functions: evade detection, install a filter that blocks traffic between the device and service provider, and prevent the local installation from uploading data to the server.

The attack appears to aim to knock out the additional layer of security that many antivirus companies have added to bolster defences and reduce the processing burden of ever-expanding signature databases.

"Cloud-based virus detection generally works by client sending important threat data to the server for backend analysis, and subsequently acquiring further detection and removal instruction," Jingli Li and Zhitao Zhou of Microsoft Malware Protection Center wrote on the company's blog.

"The process can take seconds to minutes, and is designed to remove malware not handled by the traditional on-the-box signature approach."

Kaspersky, Microsoft and Sophos have developed signatures for the Bohu trojan, which the researchers noted relies on the user installing, installing a rigged video codec.

According to Microsoft's researchers, the network driver that Bohu installs probes for HTTP request keywords and the cloud-server names of major Chinese AV vendors, Kingsoft, Qihoo, and Rising, the company involved in a corruption fiasco, which resulted in a suspended death sentence for a senior Chinese bureaucrat.

Copyright © iTnews.com.au . All rights reserved.


Trojan built to disable cloud antivirus
 
 
 
Top Stories
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
 
Australia's leaders agree to end GST-free online goods
Gerry Harvey may finally get his way.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Windows 10 is here! (For some)
Jul 29, 2015
Delivery of the free upgrade versions of Windows 10 began today - have you got yours yet?
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  13%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  19%
TOTAL VOTES: 715

Vote