Monday, December 10, 2012

Rimecud Trojan Poses as TrendMicro Antivirus

If you’re going to download antivirus software, make sure it’s from a reputable vendor’s website and not some random website you landed on after clicking a link within a solicited email.

TrendMicro researchers have come across a Trojan masquerading as “TrendMicro Antivirus Plus AntiSpyware” in order to trick users into downloading and executing it on their computer. Legitimate TrendMicro security products detect this threat as TROJ_RIMECUD.AJL ("Rimecud").

[Screenshot: Trojan posing as TrendMicro Antivirus. Credit: TrendMicro]


Once executed, Rimecud will create a process, svchost.exe, and ultimately download a bitcoin-mining application created by Ufasoft. The bitcoin-mining application, detected by TrendMicro as HKTL_BITCOINMINE, will generate profit for the attackers by using the infected machine’s processing power to create bitcoins.
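
The paragraph above says Rimecud creates a process named svchost.exe. As an added example (not from TrendMicro or the original post), the Python check below flags processes named svchost.exe whose image path or parent process differs from what Windows normally uses. The log format, the sample records and the `C:\Windows` install path are assumptions, and since the post does not say where Rimecud's svchost.exe runs from, this is a general masquerading check rather than a Rimecud signature.

```python
import csv
import io
import ntpath

# Assumption: Windows is installed in C:\Windows. The genuine svchost.exe
# lives in System32 (or SysWOW64) and is normally started by services.exe.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_PARENT = "services.exe"

# Constructed sample process-creation records (hypothetical, not from a real
# incident). Columns: pid, image path, parent image path.
SAMPLE_EVENTS = r"""pid,image,parent_image
612,C:\Windows\System32\svchost.exe,C:\Windows\System32\services.exe
2044,C:\Users\alice\AppData\Roaming\svchost.exe,C:\Users\alice\Downloads\setup.exe
3120,C:\Windows\System32\svchost.exe,C:\Users\alice\Downloads\setup.exe
3388,C:\Windows\System32\notepad.exe,C:\Windows\explorer.exe
4012,C:\WINDOWS\system32\SVCHOST.EXE,C:\WINDOWS\system32\services.exe
"""


def check_event(event):
    """Return the reasons a record looks like svchost.exe masquerading."""
    image = event["image"].strip().lower()
    parent = event["parent_image"].strip().lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # only processes using the svchost.exe name are checked
    reasons = []
    if ntpath.dirname(image) not in EXPECTED_DIRS:
        reasons.append("image path outside System32/SysWOW64")
    if ntpath.basename(parent) != EXPECTED_PARENT:
        reasons.append("parent is not services.exe")
    return reasons


def find_suspicious(log_text):
    """Parse CSV process records and return [(pid, reasons)] for flagged ones."""
    findings = []
    for event in csv.DictReader(io.StringIO(log_text)):
        reasons = check_event(event)
        if reasons:
            findings.append((int(event["pid"]), reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in find_suspicious(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

A flagged record is a lead for a closer look (file hash, signature, network activity), not proof of infection.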

Although there have been previous malware attacks that transform affected machines into bitcoin miners, TrendMicro researchers warn that we'll likely see more of them since Bitcoin Central recently scored approval to operate as a bank, making it possible to convert euros to bitcoins and vice versa.

To avoid having your system turned into a bitcoin-making machine, it is recommended that you:

  • Exercise caution when following online ads, shortened URLs, or when visiting unknown websites.

  • Only download applications from reputable vendor websites.

  • Always keep your operating system & installed software patched & up-to-date.

  • Always run antivirus software & keep the virus definitions current.


If you suspect your system has been infected by TROJ_RIMECUD.AJL, perform a full system scan using antivirus provided by TrendMicro, McAfee or Microsoft.

[via TrendMicro]
