There's a new family of malware that's using a complex set of capabilities to disable antimalware and listen in on sessions between users and some social networks. Bafruz is essentially a backdoor trojan that also is creating a peer-to-peer network of infected computers.
Microsoft has announced that its Microsoft Malicious Software Removal Tool has recently been modified to detect two new malware families, Matsnu and Bafruz.
The payload seems to start by terminating a long list of security processes listed in its code. It then displays a fake system alert that looks like that of any standard rogue AV attack.
The device actually restarts in Safe Mode. Here, the malware can disable all the security products more easily, allowing it to perform its other tasks without being interrupted.
"This may lead the user into believing all is well with their security product, while in the meantime, Bafruz is downloading additional components and malware onto the computer in the background through its P2P network," Microsoft.
Microsoft has now added Bafruz to the list of threats detected by its Malicious Software Removal Tool.The update came Tuesday, along with nine patches for 26 security vulnerabilities.