Friday, August 17, 2012

Microsoft detects a virus that removes anti-virus software


The backdoor "communicates" with the user on behalf of Security Essentials and fraudulently removes anti-virus software from the system.

According to security researchers from Microsoft, the company's experts have found a virus that deletes anti-virus software from the infected system.

Immediately after infection, the backdoor Win32/Bafruz, which Microsoft has called unique, shows the user a message disguised as a Security Essentials notification, saying that malware was found on the system.

Then, if the user approves the fake antivirus's request, the system is restarted in safe mode, in which the backdoor removes all components of the anti-virus programs known to it (the list of software that threatens the virus is pre-installed in the Bafruz code).


When all operations are completed, the backdoor tells the victim that the system is now under "increased security."

Microsoft also noted that Bafruz can establish P2P connections with other infected machines to receive instructions from the C&C server and download additional modules. In addition, the virus is able to steal credentials from the social services Facebook, «Facebook» and Bitcoin.

View Microsoft's report here.
