I’ve always thought that hackers stick together when it comes to controlling someone’s machine, but apparently they don’t. The Trojan SpamThru comes with its own copy of anti-virus software to remove any of its competitors from the machine.
Malware that attempts to block access to anti-virus software updates is pretty common, but this takes a different tack to keep itself ahead of its rivals. How does it work? SpamThru secretly installs a pirated copy of Kaspersky’s anti-virus for Wingate onto your compromised computer from a server controlled by hackers. It then arranges for any license signature checks to be bypassed before downloading updates. That means users remain unaware that the hidden anti-virus is scanning for other malware and eliminating it.

SpamThru also uses P2P to control all of the machines it has infected. Even if the central server gets shut down, the hacker can immediately update his peers in the network to identify a new central server. As long as he controls one peer, his network will remain strong. All this is done so SpamThru’s built-in junk mail dispatching client can operate in peace. It can even randomize the height and width of embedded GIF files in the spam it sends, to defeat anti-spam solutions that reject e-mail with static images.
Good thing it’s easy to remove by downloading the latest set of anti-virus updates. This increase in sophistication, comparable with commercially available software out in the market, does raise an interesting question. If the hackers can use anti-virus software to promote their own ends, will security personnel come up with ways to put viruses and Trojans to good use?
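On the filtering side, the randomized GIF dimensions mentioned above defeat any signature that hashes the whole attachment. The sketch below is an added example, not taken from SpamThru analysis or from any anti-spam product: it walks the GIF block structure and hashes everything except the declared width and height fields, so variants that differ only there collapse to one fingerprint. It assumes the variation is confined to those fields; `gif_fingerprint`, `exact_hash` and `sample_gif` are hypothetical names, and the sample images are constructed.

```python
import hashlib
import struct

def exact_hash(data):
    """Whole-file SHA-256, the kind of signature a static-image filter stores."""
    return hashlib.sha256(data).hexdigest()

def gif_fingerprint(data):
    """SHA-256 over a GIF with every declared width/height field left out."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    h, pos = hashlib.sha256(), 0

    def take(n, keep=True):
        nonlocal pos
        chunk = data[pos:pos + n]
        if len(chunk) < n:
            raise ValueError("truncated GIF")
        if keep:
            h.update(chunk)
        pos += n
        return chunk

    def colour_table(flags):
        if flags & 0x80:                      # table present
            take(3 * (2 << (flags & 7)))

    take(6)                                   # signature
    take(4, keep=False)                       # screen width/height: ignored
    colour_table(take(3)[0])                  # flags, background, aspect ratio
    while (kind := take(1)[0]) != 0x3B:       # 0x3B = trailer
        if kind == 0x21:
            take(1)                           # extension label
        elif kind == 0x2C:
            take(4)                           # left/top offsets
            take(4, keep=False)               # frame width/height: ignored
            colour_table(take(1)[0])
            take(1)                           # LZW minimum code size
        else:
            raise ValueError("unknown block type")
        while (n := take(1)[0]) != 0:         # data sub-blocks, 0 ends the run
            take(n)
    return h.hexdigest()

def sample_gif(width, height, pixels=b"\x44\x01"):
    """Constructed one-frame GIF; only the declared dimensions vary."""
    return (b"GIF89a" + struct.pack("<HHBBB", width, height, 0x80, 0, 0)
            + b"\x00\x00\x00\xff\xff\xff"              # 2-colour global table
            + b"\x21\xf9\x04\x01\x00\x00\x00\x00"      # graphic control ext.
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0)
            + b"\x02" + bytes([len(pixels)]) + pixels + b"\x00\x3b")
```

A variant whose pixel data is re-encoded changes this fingerprint as well, so it only covers the header-level randomization assumed here.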