Trojan Targets Microsofts AntiSpyware Beta | eWeek

Trojan Targets Microsofts AntiSpyware Beta

Feb 10, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Malicious programmers are already sharpening their claws on Microsoft Corp.s anti-spyware software, even before the applications official release.

On Wednesday anti-virus firms said they uncovered the first malware that switches off Microsoft AntiSpyware, along with its other functions. Troj/BankAsh-A, also known as Trojan-Spy.Win32.Banker.jv and PWS-Banker.j, includes a keylogger and attempts to steal credit card details, turn off other anti-virus applications, delete files, install other malicious code and download code from the Internet, according to anti-virus vendor Sophos plc.

AntiSpyware is based on a well-regarded application from Giant Company Software, which Microsoft acquired in December, and is currently available for download in a beta version. Microsoft is expected to combine AntiSpyware with anti-virus technology purchased this week from Sybari Software Inc. for a subscription-based anti-spyware/anti-virus bundle.

“As Microsoft gets more into security, we can expect to see more attackers targeting its products,” said Sophos senior technology consultant Graham Cluley. “This Trojan is notable largely because it is the first piece of malware that targets AntiSpyware.”

The Trojan attempts to suppress AntiSpywares warning messages and deletes all the files within the applications folder, Sophos said. When the user visits particular online banking sites, the Trojan can steal login information using a keylogger or by displaying a fake login page; British online banks such as Barclays and HSBC are specifically targeted.

The program swipes passwords from Windows protected store and periodically sends the captured information to an FTP site. Troj/BankAsh-A attempts to deny access to a list of security and anti-virus Web sites.

Troj/BankAsh-A isnt widespread so far, but Cluley said Sophos has received a number of reports from infected users. It isnt clear how the Trojan has spread. Anti-virus companies including Sophos and McAfee Inc. have updated their products to detect and block the Trojan.

Microsoft has code-named its anti-spyware/anti-virus bundle strategy A1, and plans to build elements of the service directly into future versions of Windows.

/zimages/2/28571.gifeWEEK.com found the beta version of AntiSpyware to be generally effective, but noted that it allowed some major sources of adware and falsely identified some files as spyware.Click hereto read the review.

Microsoft may be pressing ahead with its spyware killer, but wider industry efforts are currently on the rocks. In recent days the Consortium of Anti-Spyware Technology vendors fell apart after three founding members quit, citing disagreements over strategy.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.