New IM Worm Blocks Access to AV Sites

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Security researchers warn that a malicious component distributed by an IM worm cripples antivirus systems and blocks access to many security-related websites.

The attack begins with malicious links spammed on Windows Live Messenger leading users to rogue pages distributing the trojan dropper.

According to BitDefender's Bogdan Botezatu, "the payload is presented as multiple sections of Base-16 Unicode data.

"Conversion to ANSI reveals a set of buffers split by a separator. Ignoring the separators and dumping the data reveals an encrypted file packed with UPX."

The trojan attempts to cripple antivirus programs, but not in the traditional way by using a rootkit. Instead, it closes some of the processes, which makes the user's interaction with the security programs impossible.

Link
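A static triage sketch of the layering quoted in the post above, added here as an example and not taken from BitDefender's analysis or the linked article: it undoes the Unicode and Base-16 layers, drops the separators, and reports whether the result still looks encrypted. The `##` separator, the function names and the sample payload are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

SEPARATOR = "##"  # assumption: the quote does not say what the real separator is

def decode_layers(raw: bytes, separator: str = SEPARATOR) -> bytes:
    """Unicode text -> single-byte text -> drop separators -> Base-16 decode."""
    codec = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-16-le"
    text = raw.decode(codec)
    text.encode("ascii")  # "conversion to ANSI": fails loudly on non-ASCII input
    buffers = [b for b in text.split(separator) if b.strip()]
    hex_stream = re.sub(r"\s+", "", "".join(buffers))
    if len(hex_stream) % 2 or re.search(r"[^0-9A-Fa-f]", hex_stream):
        raise ValueError("stream is not clean Base-16 once separators are removed")
    return bytes.fromhex(hex_stream)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(blob: bytes) -> dict:
    """Static look at the decoded blob; nothing is executed or unpacked."""
    return {
        "size": len(blob),
        "mz_header": blob[:2] == b"MZ",  # a plain PE file would start with MZ
        "upx_markers": any(m in blob for m in (b"UPX0", b"UPX1", b"UPX!")),
        "entropy": round(shannon_entropy(blob), 2),
    }

# Constructed stand-in for the innermost data: 256 distinct bytes, not malware.
_INNER = bytes(range(256))
_HEX = _INNER.hex().upper()
SAMPLE = SEPARATOR.join(
    _HEX[i:i + 128] for i in range(0, len(_HEX), 128)
).encode("utf-16")

if __name__ == "__main__":
    print(triage(decode_layers(SAMPLE)))
```

A result with no MZ header, no UPX markers and entropy close to 8 is what a still-encrypted inner file would look like at this stage.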
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
If it only prevents user interaction, surely security programs like Avast and Norton would be unaffected as they automatically perform actions against malware.
Is this true?
 

jamescv7

Yes, when it is performed against malware, then it will be blocked quickly.
 
