Trojan Targets Microsoft's AntiSpyware Beta

Security researchers say they have found the first malware aimed at Microsoft's new anti-spyware software.

Malicious programmers are already sharpening their claws on Microsoft Corp.'s anti-spyware software, even before the application's official release.

On Wednesday anti-virus firms said they uncovered the first malware that switches off Microsoft AntiSpyware, along with its other functions. Troj/BankAsh-A, also known as Trojan-Spy.Win32.Banker.jv and PWS-Banker.j, includes a keylogger and attempts to steal credit card details, turn off other anti-virus applications, delete files, install other malicious code and download code from the Internet, according to anti-virus vendor Sophos plc.

AntiSpyware is based on a well-regarded application from Giant Company Software, which Microsoft acquired in December, and is currently available for download in a beta version. Microsoft is expected to combine AntiSpyware with anti-virus technology purchased this week from Sybari Software Inc. for a subscription-based anti-spyware/anti-virus bundle.

"As Microsoft gets more into security, we can expect to see more attackers targeting its products," said Sophos senior technology consultant Graham Cluley. "This Trojan is notable largely because it is the first piece of malware that targets AntiSpyware."

The Trojan attempts to suppress AntiSpyware's warning messages and deletes all the files within the application's folder, Sophos said. When the user visits particular online banking sites, the Trojan can steal login information using a keylogger or by displaying a fake login page; British online banks such as Barclays and HSBC are specifically targeted.

The program swipes passwords from Windows protected store and periodically sends the captured information to an FTP site. Troj/BankAsh-A attempts to deny access to a list of security and anti-virus Web sites.

Troj/BankAsh-A isn't widespread so far, but Cluley said Sophos has received a number of reports from infected users. It isn't clear how the Trojan has spread. Anti-virus companies including Sophos and McAfee Inc. have updated their products to detect and block the Trojan.

Microsoft has code-named its anti-spyware/anti-virus bundle strategy A1, and plans to build elements of the service directly into future versions of Windows.

A review found the beta version of AntiSpyware to be generally effective, but noted that it allowed some major sources of adware and falsely identified some files as spyware.

Microsoft may be pressing ahead with its spyware killer, but wider industry efforts are currently on the rocks. In recent days the Consortium of Anti-Spyware Technology vendors fell apart after three founding members quit, citing disagreements over strategy.
