
Antivirus in the virus

Several security companies have become aware of a spam-sending virus that uses an antivirus component to clean infected computers of rival malware.

A newly emerged Trojan called SpamThru has held several surprises for antivirus professionals. At first glance, the new Trojan did not seem much different from other malware developed today to spread spam: it makes changes to selected computers that allow it to send large amounts of unsolicited e-mail in the background. It also modifies the hosts file on infected computers to block access to security companies' websites and to antivirus software updates.

These features did not come as a surprise, as Trojans with such capabilities appear on a daily basis. The real curiosity came when experts noticed that SpamThru also contains an antivirus component. Joe Stewart, a researcher at SecureWorks, said that an antivirus engine from Kaspersky Anti-Virus was used in the Trojan. This allows the malicious program to scan the infected computer for other types of viruses and, if any are found, remove them. That is, the Trojan wipes out rival malware from computers so that it can take full control of the systems.

Another interesting thing about SpamThru is that it takes advantage of P2P technologies much more intensively than earlier malware. The Trojan uses P2P to share various information about infected systems. For example, it publishes the IP addresses of computers, port information, and software and operating system versions.

McAfee and Sophos have also confirmed SpamThru's unusual behavior. However, the security companies report that no variant of the new Trojan capable of spreading quickly has yet appeared.
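The hosts-file tampering described above is something a defender can check for directly. The following is an added example, not code from the article or from any vendor mentioned in it: it parses hosts-file text and flags any entry that pins a security-vendor domain to a local or foreign address. The watchlist and the sample file are constructed assumptions, since the article does not name the blocked domains.

```python
import ipaddress

# Assumption: illustrative watchlist; the article does not list the blocked domains.
WATCHED_SUFFIXES = ("kaspersky.com", "mcafee.com", "sophos.com")

# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.kaspersky.com  updates.kaspersky.com   # injected
0.0.0.0         download.mcafee.com
192.0.2.10      intranet.example.test
10.0.0.5        www.sophos.com
not-an-ip       www.sophos.com
"""

def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue                           # malformed address; skip the line
        # Vendor sites normally resolve through DNS, so any static entry for
        # them is suspect; loopback/unspecified addresses simply block access.
        reason = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "overridden"
        for name in names:
            if is_watched(name):
                findings.append((line_no, address, name.lower(), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On a Windows host the text to audit would come from `%SystemRoot%\System32\drivers\etc\hosts`.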
