New Trojan stymies cloud-based antivirus security


A new Trojan has been spotted by Microsoft (NASDAQ: MSFT) researchers in China that neuters antivirus products there that rely on cloud-based technology. Called Bohu, the malware employs social engineering techniques to trick users into executing it. Upon running, it targets major Chinese AV vendors and other international security brands by blocking their Internet access at the network driver layer.

The use of cloud-based technologies is becoming more prevalent, as traditional antivirus companies adopt techniques that allow them to detect and neutralize malware infestations in minutes rather than in days. Of particular concern here is the sophistication of the Bohu Trojan, which blocks the cloud-based antivirus software by means of a Windows Sockets service provider interface (SPI) filter, itself made possible by the installation of an NDIS driver.

Speaking to eWeek, Kurt Baumgartner, a senior malware researcher at Kaspersky Lab, acknowledged that engineering it is "not trivial." The SPI filter effectively gives Bohu the ability to perform deep packet inspection on the network data, which it uses to modify search terms sent to sogou.com and cookies belonging to the top search engines. For now, Microsoft says it has already contacted the affected vendors about the Bohu threat.
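A Winsock SPI filter of the kind described above shows up in the Winsock catalog, and an NDIS driver shows up as an adapter binding. The following PowerShell script is an added example written for this page, not code from the article or from Microsoft; it enumerates the catalog with `netsh winsock show catalog`, flags layered providers and any provider DLL that lives outside System32 or lacks a valid Authenticode signature, and then lists network bindings whose component ID does not carry the `ms_` prefix Microsoft uses for its own components. The "System32 plus valid signature" baseline and the `ms_` heuristic are assumptions about a typical Windows install, and a hit is a lead to investigate, not proof of Bohu or any other specific malware.

```powershell
# Added example (not from the article): hunt for unexpected Winsock service
# providers and third-party network bindings. Run from an elevated prompt.

function Get-WinsockProvider {
    # netsh prints one block per catalog entry, each headed by this string
    $raw = (netsh winsock show catalog) -join "`n"
    $blocks = $raw -split 'Winsock Catalog Provider Entry'
    foreach ($b in $blocks) {
        $props = @{}
        foreach ($line in ($b -split "`n")) {
            # "Provider Path:   %SystemRoot%\system32\mswsock.dll"
            if ($line -match '^\s*([^:]+?):\s+(.*)$') {
                $props[$matches[1].Trim()] = $matches[2].Trim()
            }
        }
        if ($props.ContainsKey('Provider Path')) { [pscustomobject]$props }
    }
}

function Test-WinsockProvider {
    # Baseline (assumption): legitimate providers are Microsoft-signed DLLs
    # under System32; anything layered or elsewhere deserves a closer look.
    $sys32 = [Environment]::ExpandEnvironmentVariables('%SystemRoot%\system32')
    foreach ($e in Get-WinsockProvider) {
        $path = [Environment]::ExpandEnvironmentVariables($e.'Provider Path')
        $reasons = @()
        if ($e.'Entry Type' -match 'Layered') { $reasons += 'layered provider (LSP)' }
        if ($path -notlike "$sys32\*")      { $reasons += "DLL outside System32: $path" }
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        } else {
            $reasons += 'DLL not found on disk'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                CatalogEntryID = $e.'Catalog Entry ID'
                Description    = $e.Description
                ProviderPath   = $path
                Reasons        = ($reasons -join '; ')
            }
        }
    }
}

function Get-NonMicrosoftBinding {
    # Heuristic (assumption): Microsoft's own NDIS components use ms_* IDs
    # (ms_tcpip, ms_pacer, ...); other IDs are third-party filters/protocols.
    Get-NetAdapterBinding -AllBindings |
        Where-Object { $_.ComponentID -notlike 'ms_*' } |
        Select-Object Name, DisplayName, ComponentID, Enabled
}

Write-Host '== Winsock providers that deviate from the baseline =='
Test-WinsockProvider | Format-Table -AutoSize

Write-Host '== Network bindings not owned by Microsoft (ms_*) =='
Get-NonMicrosoftBinding | Format-Table -AutoSize
```

Legitimate third-party software (VPN clients, packet-capture drivers, some security products) also installs LSPs and NDIS filters, so the useful workflow is to record this output on a known-clean build and diff it over time rather than to treat every non-Microsoft entry as hostile. `Get-NetAdapterBinding` needs Windows 8 / Server 2012 or later; on older systems the Winsock half still works on its own.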

For more on this story:
- check out this article at eWeek
- check out this article at Computer Weekly
- check out this article at IT Pro
