No, there’s no typo in the title above… But I can understand your surprise! (Smirk!)
In our world of antivirus products cleaning trojans and viruses off infected systems, what could be crazier (but also most ingenious, I might say) than actually having a trojan install an antivirus on your system?!?
But yes! It is true… and Trend calls this trojan TROJ_AGENT.BGK.
This trojan, whose main purpose is to send spam from the infected computer, installs an antivirus on the infected system by downloading a pirated copy of Kaspersky Antivirus. It then patches the KAV license signature check and lets the antivirus scan the system, skipping the trojan itself and its components WHILE flagging and deleting other malware it finds. The trojan obviously uses this technique against potential rival trojans that may also infect the system and take some share of the pickings… Apparently, for this greedily ingenious trojan, two or more cannot play at this game… ;)
What a dilemma for Kaspersky though… Talk about a free marketing stunt from the bad guys!
More from Joe Stewart of SecureWorks.