P2P-based Spam Trojan Installs Anti-Virus

Here’s something interesting I came across – the SpamThru trojan uses a peer-to-peer communication system to avoid having its network shut down. This was inevitable, I suppose, but there was something else I didn’t expect – it downloads and installs an anti-virus engine (Kaspersky) in order to ensure other malware doesn’t steal precious resources from the spamming operation. (Naturally, it skips any files that belong to itself.) Although some malware has tried to remove its competitors before, I can’t recall seeing any using this technique. Of course, the malware authors know which AV has the best detection rates, which must be why they chose KAV. :)

My analysis can be found here:
http://www.secureworks.com/analysis/spamthru/