Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Microsoft Detects Trojan Bubnix

Microsoft has recently discovered a fresh band of trojans called Bubnix that has been included in its most recent edition of the Malicious Software Removal Tool.

WinNT/Bubnix is a complex malware used as spam bot that infects a PC through a downloader called TrojanDownloader: Win32/Bubnix.A. This downloader itself is installed from the Net via variants of Win32/Harnig and Win32/Bredolab.

The Microsoft researchers state that to transfer a malevolent executable, it is common to first encrypt it with a downloader. In order to make the content appear more legitimate, TrojanDownloader: Win32/Bubnix.A adds extra activity to this ordinary task, as reported by SoftPedia on July 15, 2010.

The most interesting fact about Bubnix is that it avoids detection by imitating RAR archives' file header although the passwords of such archives are protected. The security researchers explain that a drawback of many antivirus solutions is that to save time, they merely scan active processes as well as files which appear as an instant danger like the .exe files. This fresh Trojan reportedly capitalizes on such a situation.

Moreover, the security researchers study discloses that if the archives are tried to "decompress," a request emerges for their password. In such a case, the 'RAR' archive is not a genuine RAR file.

When the header displays a 'RAR!' string, the latter indicates the presence of a code transferred to an unlocking utility where Bubnix gets exposed so that the real payload is revealed. Thereafter, when a PC becomes infected, the Trojan downloads and places a rootkit that works as a driver for kernel known as "Boot Bus Extender."

Furthermore, the researchers disclose that the Bubnix band of trojans work as botnet clients that mainly help in spamming activities. Microsoft states that they are frequently installed on already hijacked computers via other malware.

Commenting on the problem, the security researchers stated that apart from ordinary transformation, malware uses plenty of different techniques to hide as well as encrypt the content prior to forward transmission as per Microsoft researchers' blog published by Microsoft Malware Protection Center on July 14, 2010.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 7/29/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page