Microsoft introduces detection for Bafruz trojan

Share this article:

Microsoft has added detection capabilities for Bafruz, a backdoor trojan capable of taking a number of malicious actions on victims' computers.

Bafruz can take control of accounts on social networking sites like Facebook and [Russian-based] Vkontakte, launch distributed denial-of-service attacks, conduct Bitcoin mining, install additional malware, and disable security products, like anti-virus, said the Tuesday blog post from the Microsoft Malware Protection Center.

Bafruz resembles traditional rogue anti-virus software as it tries to get on users' machines, minus the portion where it demands ransoms from users.

The malware first displays a list of security processes being terminated. Then, alerts appear in the system tray instructing the victim to remove a "virus" by rebooting their computer. Once the victim does this, the computer will restart in safe mode, allowing Bafruz to disable installed anti-virus software.

Bafruz can then download additional malware in the background using a peer-to-peer (P2P)-based botnet at its disposal, according to Microsoft. 

Microsoft has now added Bafruz to the list of threats detected by its Malicious Software Removal Tool.

The update came Tuesday, along with nine patches for 26 security vulnerabilities.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.