Malware Report: Clouding Up the Cloud

Wednesday, January 26, 2011 @ 06:01 PM gHale

There is now a Trojan specially designed to disable cloud-based antivirus security defenses.

Bohu blocks connections between infected Windows devices and the cloud antivirus services in place to protect them. Malware writers have long included routines to disable components of desktop antivirus software packages or block access to antivirus websites from infected machines.

More and more security firms are beginning to adopt cloud-based antivirus architectures, as they offer the twin benefits of a lower performance overhead (all the heavy lifting occurs on servers in the cloud, not on the client) and faster response to the growing volume of malware threats. Bohu shows the bad guys are willing to make changes to work around fixes by security companies.

Bohu, spotted by antivirus researchers working for Microsoft in China, can block access to cloud-based net services from Kingsoft, Qihoo, and Rising. All three companies are in China.

The malware poses as a video codec, a common ruse by virus writers worldwide. If installed, Bohu applies a filter that blocks traffic between the infected machine and the service provider. The malware also includes routines to hide its presence on infected machines.

Microsoft security researchers said Bohu is “the first wave of malware that specifically targets cloud-based anti-virus technology”, in a report on the Microsoft Malware Protection Center blog.

Antivirus firms added detection for the malware, which should block infection provided a user has applied the latest signature updates.
