Potentially Dangerous Trojan is a Customized Security Solution
A piece of malware recently found by the security firm Symantec could be a glimpse of the next evolution in malware-ridden software. According to the report, such malware could conceal itself in real, legitimate security code, as reported by SecurityProNews on March 03, 2011.
An evident result is that such Trojans would be almost impossible to recognize preemptively. The Trojan in question concealed itself in Chinese-developed security software known as KingSoft WebShield. It is believed that the malware was also developed in China.
Commenting on the matter, Eamonn Young, a researcher at Symantec, stated that the attractive part of this package is its configuration, which creates an opportunity for malicious plans. He stated, "KingSoft WebShield has the capability to lock the home page to a particular domain and to redirect URLs based completely on plain text configuration files. This signifies that a person with a malicious plan can repackage it utilizing malicious configuration files and utilize this as a home-made Trojan package," as reported by HELP NET SECURITY on March 03, 2011.
The latest Trojan package comprises the legitimate software and its supporting components, but also two configuration files that essentially turn it into the Trojan.
Another notable thing about this Trojan is that it removes all Quick Launch icons apart from the Internet Explorer one, and if there isn't one, it creates it. As the complete package works as its creators intend only in Internet Explorer, this is a fairly obvious method to ensure the user uses only that web browser.
KingSoft WebShield operates flawlessly when downloaded, which makes it tough for users to determine what caused their latest bit of malware. This is where the real danger lies. If more destructive malware were spread via the Trojan, the solution would be tough to find because of its concealed location.
However, the creators of this enhanced Trojan have produced an annoying, but not very harmful, piece of malware. Unfortunately, it appears to be only a matter of time until someone alters the configuration files again and users are once more directed to further malware-ridden websites.
» SPAMfighter News - 14-03-2011