Cloud-based malicious file interfering Anti-Virus has appeared!

1. Introduction

Jan 18, 2011, Microsoft official blog has announced cloud-based malicious file which may interfere Anti-Virus behavior to be spreading.
Lately reported this malicious file seems to be adopted social engineering technique, and it has been revealed first type of aiming at cloud system and expected new security threats.

Bohu Takes Aim at the Cloud
[ http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx

2. Malicious file info

This malicious file can deceive user as a movie file with its icon.

Upon executed, it will show installation written by Chinese to deceive user.

Furthermore, it will run screen such as a movie player.

Currently, damage case of this malicious file hasn't been reported so far, however, the attention of first cloud-based malicious file must be needed.

3. How to prevent

This malicious file has been reported aiming at Chinese security cloud server of company including Kingsoft, Rising, and so on. Besides, this malicious file adopted modifying to bypass detection.

If this malicious file causes tampering on certain module, update process can be wrong.
Modifying module transferring cloud server for diagnosis on malicious file can cause wrong decision on diagnosis status.
Furthermore, it can download additional malicious files.

With an appearance of emerging malicious files aiming at Chinese cloud server, the possibility to be caused by additional malicious files still remains on cloud system.
Security companies already adopted cloud system or considering adpoting must be concentrated on possible security threats.

To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

 - Trojan/W32.FakeAV.2295397
 - Trojan/W32.FakeAV.2229503