'Beta Bot' Banking Trojan Disables Your Security
A recently discovered piece of malware called Beta Bot started out as a humble Web-page automated script, but over the last five months, it has evolved into a credible threat that will do whatever's necessary to survive.
Now an invasive banking Trojan, the new and improved Beta Bot can block anti-virus software, security websites and even other malware in its quest to steal user information and share it with hackers.
The Trojan — which has targeted large banks, social networking sites and online payment platforms — can't do anything without a victim's direct approval. The program takes the curious step of displaying a pop-up that resembles an official Windows message box, asking whether the user wants to allow the "Windows Command Processor" to modify the computer.
If users say no, the program never activates. If they say yes, however, they've effectively given hackers permission to steal their information. The program automatically downloads malicious files online, spreads itself via Skype or USB hookups, and redirects users to hacked websites.
Once on an infected machine, Beta Bot takes whatever information it pleases and reroutes it to a database, where hackers can access it. Trying to remove the Trojan is a tricky proposition, as it can detect which antivirus programs a user has installed and block them from running or receiving updates.
Beta Bot can even compile a list of websites that provide anti-virus software and prevent a user from ever reaching them. The program does not even tolerate other malware, which might steal some of its precious bandwidth. Instead, it shuts down all competing malware programs while it steals information.
Despite its potentially devastating skill set, Beta Bot has yet to pick up much popularity in the cybercriminal underground, according to the Boston-area security-verification firm RSA's Speaking of Security blog. Researcher Limor S. Kessem has discovered that the program's uses are a little too broad for focused bank criminals, and that the program doesn't allow much modification from hackers who purchase it.
Unless you run a bank or a large financial site, you're unlikely to encounter the Beta Bot, but its lessons apply to everyday users as well. Windows Command Processor is a default Windows process, so it would not require user permission to run; this request should be immediately suspicious.
If your computer is compromised by malware that prohibits visits to security websites, it's always possible to download the latest updates (or even a whole new program) on another computer and transfer it via a thumb drive. Just remember to thoroughly format the thumb drive afterward; malware can be sneaky.
At its core, Beta Bot is still a fairly run-of-the-mill Trojan, and a regular malware or anti-virus sweep will eliminate it. That said, it's evolved considerably in only six months, and the next six may make it even more dangerous.