Bitrix warns on trojan disguised as security framework update

Although updates from software majors such as Adobe and Microsoft have been used in the past to hide malware, this is one of the first times a smaller vendor's software has been hijacked in this way.

According to Bitrix, the trojan, part of the Agent family, installs a keylogger capable of capturing keystrokes from the user's PC.

The good news is that most conventional IT security software should spot the presence of this trojan, which has been circulating since 2007, according to Kaspersky Lab's data file on the malware.

Bitrix notes, however, that the trojan is capable of stealing confidential data from infected computers and received the highest threat level from Threat Expert.

Bitrix says that the trojan is being spread through mass-mailed spam and malicious links. One of the most interesting features of the spam mailer, Infosecurity notes, is that it pretends to be a Bitrix update, but also claims to be a Microsoft Silverlight update.

If a user launches the infected file, the trojan installs itself into the system by creating multiple files and registering itself in the system registry.

After installation, the malware runs unobtrusively in the background, captures keystrokes and sends the collected data to an external service.

Bitrix is recommending that users update their virus scanners and check their computers against this malicious programme.
