Antivirus vendor Sophos reported this week that the BankAsh-A Trojan, a malicious software program that silently infects and corrupts computers, was disabling Microsoft’s new AntiSpyware software and attempting to steal passwords and other banking information from Windows users. The Trojan represents the first effort to thwart Microsoft’s anti-spyware software, which is now in beta.
Its effects were mitigated by the fact that, unlike a virus or worm, it was not capable of spreading itself and relied on spam e-mail and bogus Web sites to propagate.
Security experts said such an attack on Microsoft’s anti-spyware software is not surprising, as attackers often probe new software for holes. There are concerns, however, that Microsoft’s growing presence in the security sector may mean that a large number of victims will be using the same vulnerable software. The widespread attacks now aimed at Internet Explorer and Outlook, experts say, may soon focus on Microsoft’s security software.
Disable and Delete
The BankAsh-A Trojan was designed to steal system passwords, online banking passwords and other information from Windows users, Sophos said. Sophos warned that the Trojan targets users of UK online banks including Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile.
The Trojan also attempts to suppress Microsoft AntiSpyware warning messages and deletes all files within the security program’s folder.
Widespread Use and Abuse
Graham Cluley, Sophos senior technology consultant, said the Trojan may be followed by many similar attacks.
“As Microsoft’s product creeps out of beta, and is properly released and is adopted by the home user market, we can expect to see more and more attempts by Trojan horses, viruses and worms to try and undermine its effectiveness,” Cluley said in a statement.
To avoid information theft and infection from viruses, spam and spyware, Sophos and other security providers recommend updated software protection against each type of malware.
Common Criminal Activity
Ken Dunham, iDefense director of malicious code intelligence, told TechNewsWorld the BankAsh-A Trojan was the latest in a string of security-sabotaging Trojans and bots that began 18 months ago.
“It’s rather trivial to add new process names or files of origin to disable or delete [security software],” Dunham said. “It’s not uncommon. It doesn’t surprise me and I think we’ll see a lot of it.”
The security expert said the security-disabling attacks will likely be improved by attackers using automated tools and readily available chunks of attack code.
“It’s not going to be long before all types of malicious code, especially Trojans and bots, block security,” Dunham said.
Microsoft’s Security Scope
Dunham worries about the implications for businesses and consumers of Microsoft’s recent series of security acquisitions, which have included anti-spyware maker Giant and, most recently, antivirus company Sybari.
While some smaller security firms are rightfully concerned about being pushed out of the market by a competitor as imposing as Microsoft, he said, individual Windows users should also be worried.
“There are many implications,” Dunham said. “If they embed [security software] the way they did with Internet Explorer, it would be hard to lock down and make it secure because it’s integrated and it’s complicated. It’s the same thing with security software.”