The Microsoft Malware Protection Center has identified a new trojan that blocks cloud-based AV technologies. While these attacks are currently centered in China, the same concepts could surface in future malware elsewhere.
Bohu Trojan – New Anti-Cloud Malware
QUOTE: The Microsoft Malware Protection Center has been tracking a recent threat that attacks cloud-based antivirus technology provided by popular major antivirus software vendors in China. The malware is named Win32/Bohu (TrojanDropper:Win32/Bohu.A). The Bohu malware is native to the China region. Bohu attracts user installation by social engineering techniques, for example, using attractive file names and dropping a fake video player named “Bohu high-definition video player”. The more interesting part of Bohu is that the malware blocks cloud-based services now commonly featured in major Chinese antivirus products. Specifically, Bohu uses a number of different techniques in order to attempt to thwart cloud-based AV technologies.
Bohu Trojan – Technical Description
QUOTE: Win32/Bohu.A is a trojan that drops Trojan:Win32/Bohu.A!Installer – a trojan that filters an affected computer’s network traffic in order to stop malware-related data from being sent to information-gathering networks that belong to particular AV companies in China. It has been distributed in the wild with the file name “Bohu high-definition video player.exe” or similar.
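The two observable traits described above (a lure executable with the documented file name, followed by selective filtering of traffic to the AV vendor's cloud service) can be turned into a simple host-side check. This is an added example, not code from the post or from Microsoft; the log line format, the `AV_CLOUD_HOSTS` placeholder and the sample log are all constructed for illustration.

```python
import re

# Constructed sample host log (not from the original post). The line format
# "<hh:mm:ss> <EVENT> <details...>" is an assumption made for this example.
SAMPLE_LOG = """\
10:00:55 NET_CONNECT cloud.av-vendor.example:443 OK
10:01:02 PROC_CREATE C:\\Users\\u\\Downloads\\Bohu high-definition video player.exe
10:01:09 NET_CONNECT cloud.av-vendor.example:443 BLOCKED
10:01:10 NET_CONNECT update.os.example:443 OK
10:01:11 NET_CONNECT cloud.av-vendor.example:443 BLOCKED
"""

# Placeholder hostname; a real deployment lists the vendor's documented cloud endpoints.
AV_CLOUD_HOSTS = {"cloud.av-vendor.example"}
# Matches the lure name quoted in the post ("Bohu high-definition video player.exe" or similar).
LURE_NAME = re.compile(r"bohu.*video player\.exe$", re.IGNORECASE)

def parse_log(text):
    """Return a list of (time, event, details) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) == 3:
            events.append(tuple(parts))
    return events

def lure_executions(events):
    """Times at which a process matching the documented lure file name was created."""
    return [t for t, ev, d in events if ev == "PROC_CREATE" and LURE_NAME.search(d)]

def cloud_av_blocked(events, after=None):
    """True if, after time `after`, every connection to a cloud-AV host failed while
    other outbound connections still succeeded (selective filtering, not an outage)."""
    av_ok, other_ok = [], []
    for t, ev, d in events:
        if ev != "NET_CONNECT" or (after and t <= after):
            continue
        endpoint, status = d.split()
        host = endpoint.rsplit(":", 1)[0]
        (av_ok if host in AV_CLOUD_HOSTS else other_ok).append(status == "OK")
    return bool(av_ok) and not any(av_ok) and any(other_ok)

def assess(text):
    """Combine both indicators into a verdict for the supplied log."""
    events = parse_log(text)
    lures = lure_executions(events)
    blocked = cloud_av_blocked(events, after=lures[0] if lures else None)
    verdict = "possible anti-cloud trojan" if lures and blocked else "no finding"
    return {"lure_seen": bool(lures), "cloud_av_blocked": blocked, "verdict": verdict}
```

The check deliberately requires non-AV traffic to keep succeeding, so a general network outage is not mistaken for the selective filtering the post describes.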