Chinese Trojan blocks cloud-based security defences

http://www.theregister.co.uk/2011/01/20/chinese_cloud_busting_trojan/

 

More detail: https://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx

 

ah thanks for posting this.. I dont like to rely on antivirus for protection..I do have em but thats it..I believe that if you have a clean image to fall back you are good to go no matter what IMO

 

Read this thread from #6 onwards

https://www.wilderssecurity.com/showthread.php?t=290707&highlight=panda

 

https://www.infosecisland.com/blogview/11144-Bohu-Trojan-is-Designed-to-Disable-Cloud-Antivirus.html

 

So the cloud based detection has been nailed ?!

 

Of course!

 

Can anyone test this with immunet?

 

not that i have tested it but for now it only "blocks" chinese vendors (rising,qihoo and kingsoft). the technology used by bohu can be easily implemented on other known malware pieces and trust me on this one, it will be within days or so.

actually lots of people were waiting for something like this to pop up for quite some time now

ps: on second read it probably interacts with norton and kaspersky too, at some extencion

 

Interesting, everyone knew that malware like this would eventually come. However the cloud vendors will most likely push out a client side update that allows the engine to detect the threat without being on the cloud. The back and forth game continues.

 

... and Bohu 2 will kill the cloud again and so on ...