Topic: New Trojan poses as antivirus update and infects systems (IME, input method editor)


Samker


Security watchers have discovered a Trojan that uses built-in Windows functionality to overwrite security software and compromise systems.

The malware - which poses as an antivirus update - uses the Windows input method editor (IME) to inject a system, a technology that normally creates a means for users to enter characters not supported with their input device. For example, PC users with a 'Western' keyboard would take advantage of the technology to input Chinese or Japanese characters.

Security firm Websense, which has written a detailed write-up of the malware (http://community.websense.com/blogs/securitylabs/archive/2010/07/05/trojan-using-input-method-inject-technology.aspx), explained: "The trojan can install itself as an IME, then it kills any running antivirus processes and deletes the installed antivirus executable files. The original executable file of this trojan disguises itself as an antivirus update package."

As Websense notes, the attacks show that malware writers have begun using Windows input methods to infect vulnerable systems.

(ElReg)
