Trojan Targets Microsoft AntiSpyware
With its recent acquisition and pre-release of antivirus and anti-malware software packages, Microsoft has declared war on malicious programmers. Now, it appears that one of them has returned fire. A trojan program dubbed PWS-Banker.j by McAfee has preemptively taken aim at Microsoft's AntiSpyware software.
The malware, also known by the aliases Troj/BankAsh-A, PWSteal.Bankash.A and Trojan-Spy.Win32.Banker.jv in virus threat bulletins, attempts to render antivirus software ineffective by deleting program files and blocking notifications - specifically Microsoft's. It goes one step further by also attempting to deny access to antivirus Web sites.
Once the rogue program has its hooks in a system, it remains largely dormant, but is triggered when a user visits an online banking Web site. The trojan will then display a spoofed version of the Web page, record keystrokes, and quietly send the information to a remote server.
Security vendors have also recognized that the software will sporadically lift the Windows password store from systems.
When asked for comment, a Microsoft spokesperson told BetaNews that it is actively investigating the reports.
"'BankAsh-A' and attacks that attempt to disable Anti-spyware or Anti-virus software are well known to the AS/AV community and Microsoft continues to encourage all users to follow our guidance to only download software from trusted sources," the spokesperson said.
Microsoft began its direct offensive against malware when it acquired technology assets from GeCAD in 2003. Since that time, Redmond has furthered its goal of protecting customers by purchasing the rights to additional security tools including GIANT Software's anti-spyware package and Sybari Software's enterprise antivirus products.
The software targeted by PWS-Banker.j is Microsoft's rendition of GIANT's spyware utility, which has been available to the public as a beta test.
It is expected that Microsoft will eventually roll its antivirus and spyware protection bundles into a subscription service code-named "A1." Industry sources claim that Microsoft has begun to inform its partners of the service, demanding confidentiality.
A1 may reflect the lessons the company learned during its now-defunct PC Satisfaction trial, where it bundled third-party antivirus and firewall solutions, backup and PC health monitoring services into a Web-based interface.
Despite having been discontinued, the trial has an open legacy. A form of PC health monitoring was incorporated into Windows XP Service Pack 2, and Microsoft's MSN business unit is ramping up its efforts to provide a hosted backup and restore subscription service.
A1 itself may be assimilated into future releases of Windows.