Microsoft has discovered a new malware family that uses a clever method to disable anti-malware software.
(Image: fake alert displayed by the virus)
Bafruz is a multi-component backdoor that builds a peer-to-peer (P2P) network of infected computers for command and control (C&C), carries a nasty list of payloads, and uses an unusual method to disable security and antivirus products.
Bafruz contains components that achieve a number of objectives for the attacker, such as hijacking Facebook and Vkontakte accounts, launching Distributed Denial of Service (DDoS) attacks, performing Bitcoin mining, downloading additional malware, and disabling security and antivirus products.
The most interesting part of Bafruz is the way it disables antivirus software.
When the malware infects a user's system, it first appears to terminate a long list of security processes hard-coded in its binary. It also displays a fake virus alert; when the user chooses to remove the supposed threat, the malware asks the user to reboot the computer.
The malware then restarts the computer in Safe Mode so that it can disable all security products completely.
More interestingly, the fake virus alert varies depending on which security solution is installed on the victim's system. For example, when the malware runs on a system with Kaspersky installed, it displays the fake virus alert shown above.
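The Safe Mode trick described above relies on two generic Windows facts: a machine can be forced to boot into Safe Mode, and most security services are not permitted to start there. The script below is an added defensive check written for this article, not code from Microsoft or from the Bafruz analysis; the article does not say how Bafruz forces the reboot, so the script does not look for Bafruz itself. It only inspects three well-known locations: the BCD `safeboot` element on the current boot entry (as shown by `bcdedit /enum {current}`), the `SafeBoot\Option` registry key that Windows sets while actually booted in Safe Mode, and the `SafeBoot\Minimal` / `SafeBoot\Network` keys that list which services may run there. The service names in `Test-AvInSafeBoot` are placeholders; substitute the service name of the product you run.

```powershell
# Added defensive check (not from the original article). Run from an elevated PowerShell prompt.
# Reports whether the next boot is forced into Safe Mode, whether the machine is currently in
# Safe Mode, and whether your antivirus service is allowed to start there. It changes nothing.

function Test-SafeBootPending {
    # bcdedit prints a 'safeboot <Minimal|Network|DsRepair>' line when the next boot is forced
    # into Safe Mode. Returns the mode string, or $null when no such element is set.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning 'bcdedit failed; this check needs an elevated session.'
        return $null
    }
    foreach ($line in $bcd) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

function Test-CurrentlyInSafeMode {
    # Windows creates SafeBoot\Option\OptionValue only during a Safe Mode session:
    # 1 = Safe Mode (minimal), 2 = Safe Mode with Networking. Absent = normal boot.
    $opt = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option' `
                            -Name OptionValue -ErrorAction SilentlyContinue
    if ($null -eq $opt) { return 'Normal' }
    switch ($opt.OptionValue) {
        1 { return 'SafeMode' }
        2 { return 'SafeModeWithNetworking' }
        default { return "Unknown($($opt.OptionValue))" }
    }
}

function Get-SafeBootServices {
    # Subkeys under SafeBoot\<Mode> are named after the services and driver classes that
    # Windows will start in that Safe Mode flavour. Anything not listed stays stopped.
    param([ValidateSet('Minimal', 'Network')][string]$Mode = 'Minimal')
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$Mode"
    Get-ChildItem -Path $key -ErrorAction Stop | ForEach-Object { $_.PSChildName }
}

function Test-AvInSafeBoot {
    # PLACEHOLDER service names; replace with the service name(s) of your security product.
    param([string[]]$ServiceNames = @('YourAvServiceName'))
    $minimal = Get-SafeBootServices -Mode Minimal
    $network = Get-SafeBootServices -Mode Network
    foreach ($svc in $ServiceNames) {
        [pscustomobject]@{
            Service              = $svc
            Installed            = [bool](Get-Service -Name $svc -ErrorAction SilentlyContinue)
            AllowedInSafeMode    = ($minimal -contains $svc)
            AllowedInSafeNetwork = ($network -contains $svc)
        }
    }
}

# --- Report ---------------------------------------------------------------
$pending = Test-SafeBootPending
if ($pending) {
    Write-Warning "Next boot is forced into Safe Mode ($pending). Verify this was set by an administrator."
} else {
    Write-Host 'No forced Safe Mode boot is configured in the BCD.'
}
Write-Host "Current boot mode: $(Test-CurrentlyInSafeMode)"
Test-AvInSafeBoot | Format-Table -AutoSize
```

A `safeboot` element that no administrator set, or a reboot into Safe Mode shortly after a user dismissed an unfamiliar "virus found" dialog, is the kind of signal worth alerting on; the registry listing tells you in advance whether your product would still be running if that reboot happens.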
Microsoft has added Bafruz to the list of threats removed by the Malicious Software Removal Tool (MSRT).