Researchers at Websense have uncovered a new Trojan that poses as a Windows Input Method Editor, or IME, and infects a system.
IME is a Windows component that allows users to input characters or symbols on their keyboard from other alphabets.
According to a July 5 blog post by Websense, “The Trojan can install itself as an IME, then it kills any running antivirus processes and deletes the installed antivirus executable files. The original executable file of this Trojan disguises itself as an antivirus update package.
“When a user runs the Trojan, it creates a file named winnea.ime under the system folder … [This] shows an interesting way that Trojans can … inject themselves into a system. The input method in Windows is now a popular way for hackers to inject malicious code.”
Websense said its customers are protected against the attack.