Cloud Antivirus Security Threatened By Bohu Trojan
Category : General 20 Jan 2011 11:11 AM | Industry News
The Bohu Trojan blocks connections between infected Windows devices and the cloud anti-virus services in place to protect them. Malware writers have long included routines to disable components of desktop anti-virus software packages or block access to anti-virus websites from infected machines.
The attack appears to aim to knock out the additional layer of security that many antivirus companies have added to bolster defences and reduce the processing burden of ever-expanding signature databases.
Bohu - which was spotted by anti-virus researchers working for Microsoft in China - is hardwired to block access to cloud-based net services from Kingsoft, Qihoo, and Rising. All three firms are based in China.
After compromising a system, the Trojan creates and installs a number of files. It also installs a Network Driver Interface Specification (NDIS) filter, modifies the registry and writes random junk data into the end of its key payload components to dodge hash-based detection used by cloud-based anti-virus technologies.
"In combination with the other two techniques, it is clear that they are specifically targeting some of the newer cloud-based technologies," he added. "The other two methods are more difficult to pull off, reliably modifying NDIS for the malware's cloud-severing purposes is not trivial. But it's certainly not the first time that malware attempts to suffocate protective technologies' access to the Internet."