Trojan attacks Microsoft's anti-spyware

By Dan Ilett
Posted on ZDNet News: Feb 9, 2005 5:54:00 PM

Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday.

Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.

"This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at Sophos, said in a statement. "As Microsoft's product creeps out of beta and is adopted more by the home user market, we can expect to see more attempts by Trojan horses, viruses and worms to undermine its effectiveness."

Windows AntiSpyware, built using technology from Microsoft's acquisition of Giant Company Software, is designed to protect Windows PCs from spyware--software that is installed on computers without their owners' knowledge. Typically, spyware generates pop-up ads or keeps track of people's Web surfing.

Like many other Trojans, Bankash attempts to steal passwords and online banking details from Windows users, Sophos said in an advisory. The program targets users of U.K. online banks such as Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile.

Sophos called the Trojan "Bankash" because it attacks banking customers and installs a file called ASH.DLL onto a victim's hard drive.

Microsoft's British press office was awaiting comment from the company's U.S. headquarters at the time of writing.

Dan Ilett of ZDNet UK reported from London.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 64 Talkback(s)

Thread View
Flat View

We deleted them: ...for being off-topic, insulting, and useless. We don't catch all of them, but we do what we can.

Stephen Howard-Sarin
VP, ZDNet.com... (Read the rest); Posted by: S.Howard-Sarin Posted on: 02/10/05 You are currently: Logged In | Log out

Message has been deleted. Jeff Spicoli | 02/09/05

huh?? Tommy Gun | 02/09/05

Thimk. Anton Philidor | 02/09/05

Beta hasn't got a thing to do with it... BitTwiddler | 02/09/05

Beta My A$$ itanalyst | 02/09/05

Think LinuxHippie | 02/09/05

You HAVE to admit Roger Ramjet | 02/09/05

Thank you Roger.. Jeff Spicoli | 02/09/05

Appreciation Roger Ramjet | 02/10/05

You are not 100% correct Hippie BitTwiddler | 02/09/05

Simple solution NonZealot | 02/09/05

Careful, ACLU might come down on you Monkey_MCSE | 02/09/05

Technically LinuxHippie | 02/09/05

Die hard Windows users just can't seem to get that Jeff Spicoli | 02/09/05

See below htotten | 02/09/05

Ummm.. Jeff Spicoli | 02/09/05

Did YOU read the article? PA-ITGuy | 02/09/05

Pennsylvania dude.. Jeff Spicoli | 02/09/05

PA: Get the feeling he just doesn't understand? NonZealot | 02/09/05

"Nonzealot".. Jeff Spicoli | 02/10/05

Hey Jeff! Confused by religion | 02/09/05

Nah Jeff Spicoli | 02/09/05

Not really ... Confused by religion | 02/09/05

Awesome Milly! Jeff Spicoli | 02/10/05

Re: Die hard Windows users just can't seem to get that ReFoRMaT | 02/09/05

Yup Jeff Spicoli | 02/10/05

Well.. Jeff Spicoli | 02/09/05

Nothing to address LinuxHippie | 02/09/05

Sure there is! Jeff Spicoli | 02/09/05

Great combacks Jeff. LinuxHippie | 02/09/05

Interesting... PA-ITGuy | 02/09/05

I agree - THIS time Roger Ramjet | 02/09/05

Agree on the basis of social engineering. Anton Philidor | 02/09/05

Wow, interesting Roger Ramjet | 02/09/05

Not what I was thinking about Anton Philidor | 02/09/05

We agree, I think... PA-ITGuy | 02/09/05

In all honesty, I'd never heard of GIANT voska | 02/10/05

Truth be told... PA-ITGuy | 02/10/05

Objection Mack DaNife | 02/09/05

Re: Interesting... ReFoRMaT | 02/09/05

Just wondering. Anton Philidor | 02/09/05

Re: just wondering alterego_z | 02/09/05

I Use Three Anti-Spyware...Actually Four itanalyst | 02/09/05

You use 3 scanners to find tracking cookies?? Anton Philidor | 02/09/05

No, What I'm Saying Is That Cookies Are All The Scan Picks Up itanalyst | 02/09/05

That's the question. Anton Philidor | 02/09/05

You Haven't Used HiJack This, Have You? itanalyst | 02/09/05

Yes, I have. Anton Philidor | 02/09/05

I Agree... itanalyst | 02/09/05

HiJackThis Blackdog_z | 02/09/05

Adaware Mike (not Cox) | 02/10/05

If anyone finds out who's responsible for CoolWare... Anton Philidor | 02/10/05

Maybe a shotgun Patrick Jones | 02/09/05

Check out pstools from sysinternals Hugh Jass | 02/09/05

CoolWeb Search Variants Zoraster | 02/09/05

Yeah, and what kind of resources will THAT take up? (NT) Michael Kelly | 02/09/05

2? Mike (not Cox) | 02/10/05

This Is NOT A Beta Product You Morons!! itanalyst | 02/09/05

Re: " NOT a Beta alterego_z | 02/09/05

Hey ZDnet htotten | 02/09/05

We deleted them S.Howard-Sarin

| 02/10/05

All the AMB'ers need to check this out htotten | 02/09/05

Please, somebody help me... ReFoRMaT | 02/09/05

Don't worry! MS is releasing a virus scanner later this year!

Hugh Jass | 02/09/05

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

BNET Industries
Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
The technology industry from a different angle
See what's hot in the auto industry
Stay on top of the energy industry