October 23, 2006 4:44 PM PDT

Trojan horse installs antivirus program

by Joris Evers

In addition to setting up a compromised computer to relay spam, one example of malicious software also installs Kaspersky Lab's antivirus program to get rid of competing malicious software.

The culprit is a Trojan horse sometimes called "SpamThru," according to a write-up by Joe Stewart, a researcher with SecureWorks. "SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code," Stewart wrote last week.

When it first gets onto a PC, SpamThru connects to a control server and subsequently installs a pirated copy of Kaspersky AntiVirus, Stewart wrote. The system then starts a scan for malicious software, skipping files that it detects are part of its own installation, he wrote.

"SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals," Stewart wrote. "Any other malware found on the system is then set up to be deleted by Windows at the next reboot."

Topics:: Security

Share:: Digg; Del.icio.us; Reddit; Facebook

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Business Tech
Week in review: A speedier new Firefox
Mozilla's latest version plays catch-up with the browser competition. Also: the latest in Windows 7 news, and a Yahoo data center in a new shade of green.
Gallery
Photos: The Transcontinental Railroad's Golden Spike
Apple
Employee shot, wounded at Virginia Apple store
The victim, a 26-year-old woman, is in serious but stable condition with a wound to the shoulder. Some media outlets are reporting robbery as the motive, but police say it's too early to tell.
Beyond Binary
Windows 7 may get a 'Family Pack'
Enthusiasts have spotted wording in a leaked test build of the operating system that suggests Microsoft may offer a three-PC deal with the new Windows.
Video
Video: iPhone 3G S launch in New York City
Digital Media
Seattle fire knocks out service to Bing Travel, other sites
At least two dozen sites experience protracted outage following Thursday night electrical fire at Fisher Plaza data center. Verizon's Seattle-area DSL service also gets temporarily disrupted.
Video
A recipe for high-tech chocolate
Geek Gestalt
Where the Transcontinental Railroad finally joined
At Promontory Summit, Utah, the Central Pacific Railroad and the Union Pacific Railroad met on May 10, 1869 after 1,776 miles of track had been laid over six years.
The Space Shot
Lunar mapping satellite snaps first test images
NASA's Lunar Reconnaissance Orbiter has snapped its first test images, showing the moon's starkly cratered terrain in preparation for the start of mapping operations.
Gallery
Photos: Top-rated reviews of the week
The Audiophiliac
Poll: Why don't you have an iPod or MP3 player?
What's wrong with you? Doesn't everybody have one of these things?
The Car Tech blog
Fisker's good Karma
At a dinner speech recently, Henrik Fisker laid out his plans for Fisker Automotive and its first car, the plug-in hybrid Karma.

Trojan horse installs antivirus program

Security

Report offensive content:

E-mail this comment to a friend.

Warning! You will be deleting this comment and all its replies (if applicable).

Most Popular

Making sense of Windows 7 upgrades

Road Trip 2009: Big Sky Country

About News Blog

Inside CNET News