Security Protection – Harry Waldron MVP

Bohu Trojan – New Anti-Cloud Malware

The Microsoft Malware Protection Center has identified a new trojan that blocks cloud-based AV technologies. While these attacks are currently centered in China, the same concepts could surface in other malware attacks in the future.

Bohu Trojan – New Anti-Cloud Malware http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx

QUOTE: The Microsoft Malware Protection Center has been tracking a recent threat that attacks cloud-based antivirus technology provided by popular major antivirus software vendors in China. The malware is named Win32/Bohu (TrojanDropper:Win32/Bohu.A). The Bohu malware is native to the China region. Bohu attracts user installation by social engineering techniques, for example, using attractive file names and dropping a fake video player named “Bohu high-definition video player”. The more interesting part of Bohu is that the malware blocks cloud-based services now commonly featured in major Chinese antivirus products. Specifically, Bohu uses a number of different techniques in order to attempt to thwart Cloud-based AV technologies.

Bohu Trojan – Technical Description http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Bohu.A
http://www.symantec.com/security_response/writeup.jsp?docid=2011-012002-5122-99&tabid=2

QUOTE: Win32/Bohu.A is a trojan that drops Trojan:Win32/Bohu.A!Installer – a trojan that filters an affected computer’s network traffic in order to stop malware-related data from being sent to information-gathering networks that belong to particular AV companies in China. It has been distributed in the wild with the file name “Bohu high-definition video player.exe” or similar.
