Sophos Detects First Trojan Attacking Microsoft Anti-Spyware Product

Anti-virus experts at Sophos have discovered the first piece of malware to attack Microsoft’s new anti-spyware product, currently still in beta.

The BankAsh-A Trojan horse is designed to steal online banking passwords from unsuspecting Windows users. The Trojan horse also disables Microsoft AntiSpyware, currently available only as a beta download from Microsoft’s website, attempting to suppress warning messages that Microsoft AntiSpyware may display, and deleting all files within the program’s folder.

“This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware, but it may be the first of many such future attacks,” said Graham Cluley, senior technology consultant for Sophos. “As Microsoft’s product creeps out of beta, and is properly released and increasingly adopted by the home user market, we can expect to see more and more attempts by Trojan horses, viruses and worms to try and undermine its effectiveness.”

Sophos experts are warning that, besides disabling Microsoft’s anti-spyware product, the Trojan horse also targets users of UK online banks such as Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest, and Smile.

“More and more malware is being written by criminals, designed to steal bank account information from innocent computer users,” continued Cluley. “All internet users need to ensure their computers are properly defended with the latest up-to-date protection against viruses, spam and malicious spyware, and make sure they are not putting themselves in jeopardy.”

The British banking industry has published information about how online bank users can help stay safe online at www.banksafeonline.org.uk.

Further information about the BankAsh-A Trojan can be found at: