Trojan Attempts to Deactivate Anti-phishing Software

According to the Internet security firm 'Webroot,' it has discovered an obscure Trojan that tries to hack Trusteer's Rapport software.

Trusteer's Rapport is a free browser add-on used by more than 6 Million people. This add-on helps to lock down the browser to give protection against phishing assaults and to block the redirection between the banking website and client.

The security firm has called the Trojan - a generic version of Trojan-Phisher-SABanks. The malware code includes a process which will try to install Rapport or sometimes tries to delete parts of the software installation.

If a single version of the Trojan installs, then a batch of file executes which tries to delete the main application. Another version installs a batch that hit a binary file called config.js, hidden inside the some levels below Trusteer's program folder.

The process of installation seems to be miserable attempt. Unfortunately, the process fails to accomplish the task completely.

Expressing his views on the attack, Mickey Boodaei, CEO of Trusteer, said that the criminal groups attempt to deactivate Trusteer Rapport exhibits its effectiveness in providing protection to online banking communications. Criminals try to deactivate Rapport because their plans of defrauding people could not materialize when Rapport remains active, as reported by The Tech herald on June 3, 2010.

He further added that the attempts to deactivate Rapport have not only been discovered and disclosed by the Rapport client, but several other system components on the banks' servers and cloud have reported.

Finally, the security experts at Webroot said that although the attempts seemed to be an isolated incident wherein phishing Trojan aimed to deactivate the anti-phishing software, it would be completely wrong to undermine the enemy. This attempt was an unsuccessful one, but the next one could be successful.

The security experts further added that although this was the first assault in which the Trojan tried to deactivate the anti-phishing tool, this was not the first time when scammers made attempt to deactivate any software. Similarly, a Trojan targeted against "JAWS 9.0 screen reader software" in January 2008, but Sophos detected the attack. The software used for reading the text written on screen and to convert it into speech.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 6/12/2010