
Bafruz backdoor Trojan disables security and antivirus products

Moriah Sargent, Contributor

Microsoft's release of its Malicious Software Removal Tool (MSRT) this August will include the Win32/Bafruz family, a backdoor Trojan that creates a peer-to-peer network of infected computers.

Bafruz's arsenal includes the ability to disable security and antivirus products, hijack social media accounts, launch distributed denial-of-service (DDoS) attacks, perform Bitcoin mining, and download malware, according to a blog post on the Microsoft Malware Protection Center.

When Bafruz targets security and antivirus products, alerts will appear in the system tray, posing as notifications from a user's actual security provider. These alerts tell users that a virus has been detected and recommend a reboot. Rebooting the computer allows Bafruz to remove components of the antivirus product from the system, fully disabling the product. Even if users choose not to reboot their system, Bafruz will eventually force a reboot.

Once the reboot is complete, an alert mimicking the security product Bafruz just disabled appears, saying the computer has entered "enhanced protection mode." According to Microsoft, Bafruz is currently able to download additional components and malware onto the computer through the peer-to-peer network running in the background.

System changes that could indicate the presence of Bafruz include the files btc_server.exe, client_8.exe and ddhttp.exe, according to Microsoft's encyclopedia entry on Win32/Bafruz. The antivirus products it targets include McAfee Antivirus, Microsoft Defender, Norton Antivirus, and several versions of ESET and Kaspersky. Targeted social media sites include Facebook and VKontakte.

Microsoft recommends that users take several steps to guard their systems against a potential Bafruz threat. Prevention tips include keeping computer and antivirus software up to date, using strong passwords, and being cautious when opening attachments and visiting webpages.

