In association with heise online

23 October 2006, 12:08

Trojan uses virus scanner

The authors of the SpamThru trojan - also known by a series of other cryptic aliases - have come up with a new twist to elbow out competitors on the computers it has conquered. As demonstrated in an extensive analysis by SecureWorks, SpamThru downloads a DLL (Dynamic Link Library) from a central control server when it is launched. This DLL in turn acquires a pirated copy of the Kaspersky AntiVirus for WinGate virus scanner and installs it into a hidden directory. Once the license request has been patched and ten minutes have passed, the virus scanner begins eliminating its competitors. The SpamThru files are skipped, however. There have been several cases in the past of malware seeking to deactivate or delete its rivals on the same infected computer. SpamThru's harnessing of a virus scanner for this task is something new, though.

SpamThru serves as a botnet for distributing spam mail, but can also generate spam itself.

