• PC World
• »Security

The SpamThru, SpyAgent, and Jowspry Threats

Malware that scans your PC for malware: An extra antivirus scan can only be a good thing, right? Not when it just gets rid of rivals to the "SpamThru Trojan." This nasty introduced a pirated, pared-down version of Kaspersky AntiVirus (which Kaspersky has since shut down) to delete other malware so it could have the victim PC to itself to use as a spam sender. If the PC had a real antivirus app, SpamThru would attempt to block its updates, preventing it from identifying new threats.

Equal-opportunity encryption: Encrypting sensitive data and protecting it with a password helps shield it from prying eyes. But the "SpyAgent Trojan" enters the encryption game, too. When installed on a Windows PC with the Encrypting File System (which is included in Windows 2000, XP Pro, 2003 Server, and 2005 Media Center), SpyAgent establishes its own administrator-level user account and uses this account to encrypt its files. You--or your antivirus software--would have to guess the account's random password to decrypt and scan the malicious files to confirm they weren't supposed to be there.

Hi, firewall. I'm Windows Update. Honest: Firewalls protect computers and networks from bad guys' efforts to go in or out. So the "Jowspry Trojan" masquerades as something known and approved--Windows Update. The crafty malware makes its connections look like the Background Intelligent Transfer Service used by Windows Update, and unsuspecting firewalls let it download more attack programs to your PC.

To pull off these sneaky ploys, malware first has to get on your PC. If you keep Windows and other programs up-to-date, avoid opening attachments or clicking links in unsolicited e-mail, and use a good antivirus program, you won't give the crooks a chance to put their Trojan horses to work.

Descriptions based on research and analysis from Peter Gutmann at the University of Auckland, Craig Schmugar and Aditya Kapoor at McAfee's Avert Labs, and Joe Stewart at SecureWorks.