‫ Malware uses Windows security feature to block security software

Number: IRCNE2014062217
Date: 2014-06-14

According to “zdnet”, Trend Micro researchers have written about a twist in the BKDR_VAWTRAK banking malware in Japan. It is using Windows Software Restriction Policies (SRP) to restrict the privileges of security software, including Trend's.

SRP is a feature that was introduced in Windows XP and Windows Server 2003 and is generally administered through Group Policy. It is designed to allow administrators to blacklist and whitelist specific executable programs, or to restrict them to unprivileged (standard user) execution.

This is not the first time SRP has been used by malware, but Trend Micro says that the prominence of VAWTRAK attacks makes it more significant.

Trend Micro lists 53 products and companies for which the malware looks on the infected system. If it finds any, it creates an SRP for that program.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 24 خرداد 1393



امتیاز شما
تعداد امتیازها:0