Packet filtering trojan blocks anti-virus updates
Oh great
By INQUIRER staff: Wednesday 29 June 2005, 15:43
F-SECURE said it has encountered a fresh piece of viral trash which,
however, uses a technique to prevent your anti-virus software from
downloading updates.
The Fantibag trojan uses packet filtering to prevent access to several AV
and security related sites, and is related to Bagle-Mitglieder trojans. It
puts a DLL called firewall_anti.dll in the Windows directory.
When the DLL is activated, it modifies the network interface and adds a
filter that prevents access to the very place your AV software needs to go.
No comments:
Post a Comment