Microsoft has added detection capabilities for Bafruz, a backdoor trojan capable of taking a number of malicious actions on victims' computers.
Bafruz can take control of accounts on social networking sites like Facebook and [Russian-based] Vkontakte, launch distributed denial-of-service attacks, conduct Bitcoin mining, install additional malware, and disable security products such as anti-virus, said Microsoft's Tuesday blog post.
Bafruz resembles traditional rogue anti-virus software as it tries to get on users' machines, minus the portion where it demands ransoms from users.
The malware first displays a list of security processes being terminated. Then, alerts appear in the system tray instructing the victim to remove a "virus" by rebooting their computer. Once the victim does this, the computer will restart in safe mode, allowing Bafruz to disable installed anti-virus software.
Bafruz can then download additional malware in the background using a peer-to-peer (P2P)-based botnet at its disposal, according to Microsoft.
Microsoft has now added Bafruz to the list of threats detected by its Malicious Software Removal Tool.
The update joined nine patches for 26 security vulnerabilities.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.