Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Trojan Targets Microsofts AntiSpyware Beta



 By: Matthew Broersma
2005-02-10
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Security researchers say they have found the first malware aimed at Microsoft's new anti-spyware software.

Malicious programmers are already sharpening their claws on Microsoft Corp.s anti-spyware software, even before the applications official release.

On Wednesday anti-virus firms said they uncovered the first malware that switches off Microsoft AntiSpyware, along with its other functions. Troj/BankAsh-A, also known as Trojan-Spy.Win32.Banker.jv and PWS-Banker.j, includes a keylogger and attempts to steal credit card details, turn off other anti-virus applications, delete files, install other malicious code and download code from the Internet, according to anti-virus vendor Sophos plc.

AntiSpyware is based on a well-regarded application from Giant Company Software, which Microsoft acquired in December, and is currently available for download in a beta version. Microsoft is expected to combine AntiSpyware with anti-virus technology purchased this week from Sybari Software Inc. for a subscription-based anti-spyware/anti-virus bundle.

Resource Library:
"As Microsoft gets more into security, we can expect to see more attackers targeting its products," said Sophos senior technology consultant Graham Cluley. "This Trojan is notable largely because it is the first piece of malware that targets AntiSpyware."

The Trojan attempts to suppress AntiSpywares warning messages and deletes all the files within the applications folder, Sophos said. When the user visits particular online banking sites, the Trojan can steal login information using a keylogger or by displaying a fake login page; British online banks such as Barclays and HSBC are specifically targeted.

The program swipes passwords from Windows protected store and periodically sends the captured information to an FTP site. Troj/BankAsh-A attempts to deny access to a list of security and anti-virus Web sites.

Troj/BankAsh-A isnt widespread so far, but Cluley said Sophos has received a number of reports from infected users. It isnt clear how the Trojan has spread. Anti-virus companies including Sophos and McAfee Inc. have updated their products to detect and block the Trojan.

Microsoft has code-named its anti-spyware/anti-virus bundle strategy A1, and plans to build elements of the service directly into future versions of Windows.

eWEEK.com found the beta version of AntiSpyware to be generally effective, but noted that it allowed some major sources of adware and falsely identified some files as spyware. Click here to read the review.

Microsoft may be pressing ahead with its spyware killer, but wider industry efforts are currently on the rocks. In recent days the Consortium of Anti-Spyware Technology vendors fell apart after three founding members quit, citing disagreements over strategy.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Trojan Targets Microsofts AntiSpyware Beta
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matthew Broersma
 


x}kw⸲Z4ݓ}baIH$d=e@'MfYOx$@=tJTRJR;;~$raCK{83)ٝÞG.7胷K$|?TEKmwHZNɑ5M)a]7U S7W?`[0wD!x_'Щѩ:€dBįiwtL}n~lv .hѴe"lG: rסqO<nZN\QCѺYQ9ijMcxH&GK;߃"}x8ݱa/DeO$*F<u/b= ya_;U+SiCQeKV}ltyrs!#kKݽ>H}H%ߜqؓ:IthlUD`IRi3<L9L(ÑcS;Mۅ) Ta3#}j5tsx%y5F@c[!>Bc 3.vߟDR f% a̳#v?wmE[UR׳߀}}p7v5< 3|3}gZENH* ?qބїt`oVtTa_dY fi ywҾVUBXW֯Cgv{ݠּ}sUMSU:G|MݺSh[#ZAۇlߴ;.jl^\[r - |'LR*rP8ƙȃ t0jju`%rM7Ja߹~ASC TqnaE郕4b™EU}dV{"?[WM$MyY6f0ZhCA+W?#{c@ժuuҾ 9i~l7; KOC0\2:֪Vlxmķqj{z dPk`sgKji_Rs"3t>~n?]IN±,tO?λ[B7ey#;7#R(?̱nOo4!`J}`usfr@k FPYDwa6R\ 9ho)6B̄H )s7R?or@@Z\~nV Eٛ"K;z0r!DKI88#'${wsQ 90u1;: ZoV͉*]XYujZl|.~iQָ~lt?4OH}if8kNjDf",$갤UJ JEoAG'Cf[ԒLPòÔuyuO{ZC>/9S:4fZ_@=: M/}@˥~n`b>%äp;p<{?.v13;/\1<)ZN=H:]6(Zl׃$ǖA ϛL=s%08{ɽ5zy0ݻ}{`y1&=դ; Tgg ,u]@y^@=90Pl~7L0gJC-@i0xzODȥiω.B$(ZȻ!Al~ [ķ Xhl+ ~'~rGBjK%6Os@PG҅={jX*̈́bZ z)3ٜMbL=?U Z9!{MfT`[ụLKak Un,`oʡ헫ƽ #.hfCҀ%LlA`3Ґ( s3~n~tl9:f3,35g?0q}aY k94m<ͩaqb &$tTDh ] HqڛuVwӠ<9a* ,qw"3Ͱ&qOȃ=5p TfЬ||=厬m_4@>J|zS.z: $r%5kb$T`CfL <<Gy^ʒtɕU.F(iJ~ xj~#J=}xO]('z{JFJV >zh'>eg Ht[I%7KZTM^ӛA'~. B[+žY$^&ے8¢85E]QZRKi$"!dsaŰ,B /0\:Cb&^fxhQ&Nw϶=|qö/U WÛ@4-jISJ4%j<[`B]PeܠQ@Jg~g &% Y=mGn'OP93?磘YTE480T]2akRhjUa&s(Ḡ'6a`%|w0rl_|8^,- ;ua[jH 1e$@0m"]A`iNR} 0^g4Ÿ3i[HySI_.)UH?~1:2.eX PY΁5mIelӴ 'jY$Ei84$]rɧSw> < đNT׽BYaT(h]~~ym kcXe[;pM2=H} [L N3T'/łc< ֚pGuw0Ǟ$o+:Qah"pHE1AxZ)4~x= *O$B\--UŨN=N) =gw`qy0zeyK&C3ݧ=1g匬~3|o#zT+BZᮧVVR尨V*̠ L3y)' Sf<Ǟ=y翼3q~槃15N?)=zK]G>snW6}K>8N-â'-h'NH] ˏ͎GO}TS}^SRBVAEKბW'KV=i vl fjSq %l`EYۇΌg?Y7i`9268+Ѿ,XrUTՒGRU#tT#CWa{0 X]Qi)oP9o_Q4*ZЁP}͹5u4s=X\``!~X5LAMS؇b_@T_-9kxAk‡1eD!#ҧ>z p[kh0h'v*wԪ6 h)Rfp+sJbOW2ED7Ex KgQyϤ`#|={ |lڳa 6V=_`ŦtY S|[P tfVȭ>N60"('cjZ) ؐ9.| 3p3g`̦s`p LBwl郻#yU5|m*u n1}a%[ŜPx` fzlhUkIur`*+ZRb>*j4rOkYD+(++i-Z2~)6W"h -#z; Ky3[,X>DД5ϨxdRb u k(Qha[U `3Wf48َcVpDM"?ҁh)03?2RCyp'Zu_`ӪV$,: 7Cw{d,-BGI}' \&I's⿿f﹦hzp|Do0|70FHΙrQӊ5JR#04C: &GG.e!EO*LJ_0 s>B-a'd1s<ɷw>Ԅכ[CaV&6n{߼\'7ƒ"'! M+գgN' eV05׌&d{G= ПBQ`о(&[ϳMdU]uvhEw%])hl}ՕNOxg?ٿnwZV00f߫%q_KKxiguu)X?i:Z&? eD&fp=$I}"qrҺ:nxmy "8-odG4rvۗeu%$}ܾhxuՔ⽎uעփ w"E%9!hUHf&82 6MF1SW5! ॑a3+" Z[ƥ}sҼ̂ Ӝ8"j?3`n ʃa* ۵cgEw|uY1x|PRC (ʡ=`=`V鈓V)<\b/ڍ$VB 0F_TJh)4J::)K<;io) 5;E_ѫſ B^$}1y*}y:}_exD+%GBI{p3XXъqvI#i_a~2)}@OMN9˞~H 7( Í7w JE p!BN L5W"v {t#12퇃ADwރx e~=m0결nJlx0eRL蔀''C8 z>RB'TIո'"8I5F4A2 uI@? Mx4HPWhd(lA:׍ Jcmfyj.϶n+ ̃ ,-Y+4$/i\A1t[Ǎ`",G7Dh <J[LkX!*VZ\Zry;q9z])LU9 yu?_9U+۾nO-ßtAH4S ~'#c eީӊNf|u;ѺB ^ݞE5;]}pG7vbRzco]Qw.=]bwQ({]dOkmIr]ZD܎qw5V {ћrE(ѫj ȓGD6o"iv.R_;+_14+M*z>s[fv?cD>dOC@/5Mvh鼳^27}؞qn"LpXOġ`G ܍)³$`D@7<缩g6A jm JN XW+Oiƿ'&IFܱSo-*ߞ1;o*N{cE|3̔ u\ kM֟U_s 1 |cM%%&p$~qI̼V&$o Z]ߕqi+BxݭoSZđbv).6h5,ߐ>1?_/u\Htf=cW#΄&/gs xf 9<>Kh kjZNJVnPCVcQk/T ffr X^S٩#lqY/T>Y|:v ~i0[!@HNN](^/t L kzt.ÝE"Qs v DL{'r<^uRwf1;^g@W~bA9+Q( Nlsm)‰? R1|n?H]{hjB[%fex@s9NS^>fc"P4UjAS?iIBljSXP1Z|ݖxNBNbm1KS[Y)>8KKgιHuǡX qp߸˖Z뛗}TޔʯJH䙡C/㊾1౪[rHv݄'18OmDe5bژ*/>☡3$Z L &_->-c -0@8okMoXp{sIO36NNMqp A,bU|}oy3RI/L(5f*OL hK텙bjkQZ$> 翵HëJ. CW,9tF\]d5 9Ta5VɭL}2P)`^\&RgfX&%NmHc Xj$zxoM*ףaV_Wbñ|1[3 $v/Q+_q @x!=m^bB{&"!&)a5 F9XA~q.̾=SMݓnc>i^'ex$Nx] x(oj}{Ň=r˜]l oKH8Cyiauk|/poTlA j8ӖRGD DT PtԢ1LŦ.oCq{n{n{n{n(5m_$Jga &0 #ͲH23zNNQͨ T@H6<@zSL|}7O_p#͗Wtwخaq}ԪB W'b Q=WsDQmqJuf aeY- [.~{ҹW__KvBL;,n%'ycxwL7A+`BdP!oo7=D{S\뛖jΞ.$kNy~O#9Z:)a7Vm"Nk-=9-m:^΢h:wsJEi nU7apב\H10e" azE_ 40l:G'_$v,n V8WHStB;xS4Lu#Y'$}ߞ;[8UמxczUJZ)r.HFY'1φ״=-knbɸej{c;G_֖oKfoʏd8̬܋#՘45w妷OA0;CM`Zd;7pxin$5v?hVro&qqljWa~ZT欈^[ˮ]:RYoYVBˬeWlp%bd@/^j L]L)6++:S}lߍ;g}Lopk1yI.Fʼn=yxHN[S`܀)ZWQ5FRP3YP ǜa$$}h!:-Br06~V{xvO+u@amIY(eͦbl1aS룼 :&M_Ÿcw|G~RJq'dLu?q' &|ߠ}>ybuJɨQ?^@x8n%x =Vq6c '|oG㎈I 9twiTh&",tb`qg$Pְj &Oc@K(H"`q<tQ:..x*@H>S|XP؟cυAt7QI8HL0SOlY­tȃ0T]wqs&+S>v`c\mZov*' D_w=:ǂu`)s!aZ;82Q׏IL uX\FB(s R;H u34HOP-Ō/+z+U'I]UiO)9#{ywKwy?7.va&hD慾 ˙ţ, rzոl2;eFq(#?\h^Dqɂw]$;颱8/ı=?Vb D(/& ^&6钞BMѲpZOkJ:ٙ%g!0Crt.r:X)` ZIa cs!>4/]ҾjIkꋲ `Nj7&qtfov{nI31?N 9͠,g\uN2CZCL*=\}''x)Ȁ]2c|. /e|e}/>/3K D#ޟgx*c|@~2 *cvF۠ _?3_gԿw2u3x>dGx1=1@Yo3ڿh6s$eC!gk\8=Re/GR*Ȫ_yzKӌ>Cx/Ү3 : 3/:^}NF&q$\a g-5ͩncn%:@b=a/! c|*,xW&s1hpVydcb byeï?+(1wO»ϝ)nsu5mbr-XѧZ}5_9>qu==}۾|,yM`p21'KYʘwT/3yk0|>?ft{|MtKnlxr%= #r75ilŭpg?:/ydVZՕ |3O߆zIٝ8=\G](Wl<-t&l\ef(+@B^@wwu _=e\7~m:7'wk`4oY=fZ}2_SԯyԉeBg`X`$"7<R9Cq` an)7}=o.[sqglcao`@R#9g֗EM++J9wWrDa{DDK1Q5YUdJ*{jeeTLg/(Fuo*K0>z!bhì[P=^>"Kj k"1 ͛YȌLn,_v3v_ۑ 1 1@eN"Զ1*zgox g^fLX>&-\ʠaCa,%s6Nح? c|𶁞V35̗>ڭkұ͙o2 6LG4 h [ǫ1h_ DY/Y{N6 )4Mϫ΢P{j֋QRVr.f~LFgU&R,`+/2^;'gH2Gd!᳤c*9.S2m-(Eǭ6i v",d/+2ׄ!lY|8#eI:.>į \*)H@%[b9G(]! ""_Sas5.X&">m='6}NuӟH "@"d԰tk /[vNU88ٶ2OA=p ӏe[ |k## 0y n=ձ]w O`7@#>Frd{Ko{~0pL%^cHPWWݜ햏 Xo| 8hO.dzl}π!Xs}Q %ɷ` ]ݝu^nTf/Y r@c]T!ng `cwDl .3.5/^& pWa!*e;1MP`xOΙɎ>is;n]r$^x kYoc3gz3{<=v;sf}&+_w%!gXh[f1RpCV)tO㋰6 o._X (K# Ls.\Rjãƍ5,c<ԭ}6  <ЩBn:?c5VѻmnJQa#u4MnۊA{zwn}#\ ^f#pm ɸ{%̅FdaeZ-*?҂g'QL aavX