Malware uses Windows security feature to block security software

Malware uses Windows security feature to block security software

تاریخ ایجاد

Number: IRCNE2014062217
Date: 2014-06-14

According to “zdnet”, Trend Micro researchers have written about a twist in the BKDR_VAWTRAK banking malware in Japan. It is using Windows Software Restriction Policies (SRP) to restrict the privileges of security software, including Trend's.

SRP is a feature that was introduced in Windows XP and Windows Server 2003 and is generally administered through Group Policy. It is designed to allow administrators to blacklist and whitelist specific executable programs, or to restrict them to unprivileged (standard user) execution.

This is not the first time SRP has been used by malware, but Trend Micro says that the prominence of VAWTRAK attacks makes it more significant.

Trend Micro lists 53 products and companies for which the malware looks on the infected system. If it finds any, it creates an SRP for that program.

برچسب‌ها