Trojan disables MS Anti-spyware

A soft spot on the underbelly of Microsoft Corp.’s Anti-Spyware program, now in its first beta, has been discovered and exploited by the BankASH-A Trojan, discovered Wednesday by Sophos Inc.

This Trojan lies dormant until the user visits the Web sites of targeted banks including Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile, according to Sophos.

When the user logs on to the site, BankASH-A does one of two things: It either activates a key-logging program, which steals a user’s online banking ID and password or it redirects them to a bogus login page, explained Gregg Mastoras, senior security analyst at Sophos in Boston.

BanakASH-A is the first Trojan found to affect Microsoft’s Anti-Spyware by disabling the program, Mastoras explained. It is also uses the aliases Trojan-Spy.Win32.Banker.jv and PWS-Banker.j, according to Sophos.

“It’s a demonstration that (virus writers) are attacking Microsoft’s new security products,” he said. It has only been about one month since the Anti-Spyware beta was released.

“Microsoft is actively investigating new public reports of a criminal attack, known as the “BankAsh-A Trojan” that attempts to disable the Microsoft Windows AntiSpyware beta,” Carol Terentiak, security strategy and response manager at Microsoft Canada Co. in Mississauga Ont. said in a statement.

So far no Canadian or U.S. banks have been targeted by BankASH-A, he said. However, Canadian banks have been affected by similar Trojans in the past and it’s likely they will also be targets in the future, Mastoras said. “We’ve seen a greater number of these (Trojans) in the past couple of months. It really speaks to the greater trend of Trojans and worms written for financial gain rather than a teenager in basement (who wants) to gain notoriety.”

For example, the Banker-AJ Trojan was very similar, Mastoras added. Banker-AJ was developed by an organized crime ring in Brazil, which ended up stealing around US$30 million from Brazilian banks.

The only way to protect against Banker-AJ is to ensure antivirus software is kept up-to-date, he said.

For more information visit this site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now