Banking malware using Windows to block anti-malware apps

A trojan that's currently doing the rounds in Japan is using Windows itself to try to defeat security software on infected machines.

Trend Micro reports that the BKDR_VAWTRAK malware, which steals credentials used for online banking at some Japanese banks, is using a Windows feature called Software Restriction Policies (SRP) to prevent infected systems from running a wide range of security programs, including anti-virus software from Microsoft, Symantec, and Intel. A total of 53 different programs are blocked by the malware.

SRP is intended to give corporate administrators greater control over the software that systems can run. Normally configured through Group Policies, administrators can both whitelist and blacklist applications. Applications can be identified in several ways; by their cryptographic hash, digital signature, their download source, or simply their path on the system.

Read 3 remaining paragraphs | Comments