New Version of Trojan ‘SASFIS’ DiscoveredTrendLabs, a division of the security company Trend Micro, has just discovered a variant of SASFIS - the Trojan that comes in a clever camouflage. SASFIS is known for notoriously creating a condition that leads to more infection on the victim's PC with various malicious programs like the BREDOLAB and Zeus trojans or different fake anti-viruses. TrendLabs states that the SASFIS Trojan comes via a spam mail containing a Roshal Archive or .RAR file attachment. This attachment also carries a Microsoft Excel or .XLS file. Once unzipped, the .XLS file appears as a real MS Excel document. But the file in fact is a screensaver that Trend Micro identified as TROJ_SASFIS.HBC. This is a malware which further installs BKDR_SASFIS.AC that lets strings to be inserted into the usual svhost.exe process. Although the file initially looks like an Excel sheet, it actually contains one binary header of the Win32 type. Owing to this, the user think that the file is an Excel document and therefore harmless. But actually it's a .SCR file denoting a screensaver, which is a malicious executable. Trend Micro researchers note that the cyber criminals spread the SASFIS Trojan through two basic business models. These are the PPI (pay-per-install) and the PPA (pay-per-access) business models. Furthermore, the researchers cite that there is a good aspect of this malevolent assault. The users can protect themselves from being contaminated by simply being careful while downloading their e-mail. The users can remain safe if they desist from viewing dubious and unsolicited e-mails along with their embedded attachments as they may contain malware. Besides, it is important that the users should install the most recent versions of security patches to protect their computers. Similarly, the most recent anti-virus and anti-malware software should also be regularly deployed to keep malware off the system. Finally, Trend Micro is warning of SASFIS a second time during 2010. Earlier in January 2010, the company stated that the total number of PCs contaminated with this Trojan had become maximum in October 2009 after which it declined more than 50% in January 2010. Related article: New Zealand Releases Code To Reduce Spam » SPAMfighter News - 6/9/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
