Banking Trojan posing as Avast AV


Ink
Administrator
Thread author
Jan 8, 2011
A free AV product protecting a Windows XP machine, right?



No, actually it's malware: a Brazilian Trojan banker that arrives via email and then uses a masquerade to stay on the system. The malware is only 386 KB, written in Delphi, and comes via email together with a bunch of other malicious and non-malicious files.

...

Before dropping the mentioned fake Avast product, another module, based on the anti-rootkit product Avenger, tries to remove the following legitimate AV products from the system if they are installed: AVG, McAfee, Panda, Nod32, Kaspersky, Bitdefender, Norton, Microsoft Security Essentials, PSafe, Avira and Avast.

Source: Link
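The malware described above survives by posing as an AV product, so the practical check on a suspect machine is whether whatever claims to be Avast (or any other vendor) is actually signed by that vendor. The following PowerShell is an added example, not code from the Securelist article or from any AV vendor. It assumes Windows Vista or later (the root\SecurityCenter2 WMI namespace; Windows XP exposes root\SecurityCenter with different properties and no signed-executable path), and the vendor-name matching is a deliberately simple heuristic: the first word of the product's display name must appear in the signing certificate's subject.

```powershell
# Added example (not from the thread). Two checks against an "AV" that may be a masquerade:
#   1. Every AV product registered with Windows Security Center must point at an executable
#      that exists and carries a valid Authenticode signature naming the same vendor.
#   2. Every running process whose name, description or company mentions a given vendor
#      (default: Avast) must be signed by that vendor. A fake AV that only shows a window
#      typically never registers with Security Center, so check 1 alone is not enough.
# Assumptions: Windows Vista+ (root\SecurityCenter2), PowerShell 2.0+, run as administrator
# so that process paths are readable. Vendor matching by first word is a heuristic.

function Test-SignedByVendor {
    param([string]$Path, [string]$Vendor)
    # Returns an object describing the file's signature and whether it matches the vendor.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'EXE missing'; Signer = $null; Verdict = 'SUSPECT' }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    # -match is case-insensitive, so "Avast" matches "CN=AVAST Software s.r.o."
    $ok = ($sig.Status -eq 'Valid') -and $signer -and ($signer -match [regex]::Escape($Vendor))
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Verdict = if ($ok) { 'OK' } else { 'SUSPECT' }
    }
}

function Test-RegisteredAntivirus {
    # Check 1: products registered with Windows Security Center.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct
    foreach ($p in $products) {
        $vendor = ($p.displayName -split '\s+')[0]   # heuristic: first word = vendor
        $r = Test-SignedByVendor -Path $p.pathToSignedProductExe -Vendor $vendor
        [pscustomobject]@{
            Source  = 'SecurityCenter2'
            Product = $p.displayName
            Path    = $r.Path
            Status  = $r.Status
            Signer  = $r.Signer
            Verdict = $r.Verdict
        }
    }
}

function Test-ProcessesClaimingVendor {
    param([string]$Vendor = 'Avast')
    # Check 2: anything running that claims to be the vendor in its name or version info.
    Get-Process | Where-Object {
        $_.Name -match $Vendor -or $_.Description -match $Vendor -or $_.Company -match $Vendor
    } | ForEach-Object {
        $r = Test-SignedByVendor -Path $_.Path -Vendor $Vendor
        [pscustomobject]@{
            Source  = 'Process'
            Product = "$($_.Name) (PID $($_.Id)): $($_.Description)"
            Path    = $r.Path
            Status  = $r.Status
            Signer  = $r.Signer
            Verdict = $r.Verdict
        }
    }
}

# Usage: anything marked SUSPECT deserves a look, e.g. an "Avast" window drawn by an
# unsigned Delphi executable dropped from a mail attachment.
@(Test-RegisteredAntivirus) + @(Test-ProcessesClaimingVendor -Vendor 'Avast') |
    Format-Table Source, Product, Status, Signer, Verdict -AutoSize
```

A valid signature from the expected vendor is the strongest cheap signal available locally; "NotSigned", "HashMismatch" or a signer that does not name the vendor on a binary posing as an AV product should be treated as hostile until proven otherwise. Note that a signature check says nothing about whether the legitimate products the dropper tried to remove are still functional; that has to be verified separately.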
 
Interesting approach, this is why modern security products need to have a file reputation system and sandbox as default features. Cyber criminals will always find a smart way of exploiting a system (like using an Avenger feature to disable an antivirus), however if the file is seen for the first time, it should be automatically sandboxed, and submitted for review to the developers.
 
It's so very important to download software only from the manufacturer's website. Although with the recent news about ComboFix being infected with a Sality variant, this isn't always going to mean 100% clean downloads.
 
Geez, they're getting better at hiding what they want to get across. As Jack said, everything should be sandboxed no matter where you download it from.
 
Before dropping the mentioned fake Avast product, another module, based on the anti-rootkit product Avenger, tries to remove the following legitimate AV products from the system if they are installed: AVG, McAfee, Panda, Nod32, Kaspersky, Bitdefender, Norton, Microsoft Security Essentials, PSafe, Avira and Avast.


Talk about a brute-force entry. The Avenger is FileAssassin's predecessor for XP and Vista. It was one of the most powerful kernel-level tools, used when no other tool could remove certain malicious registry entries and files.
 