Input Method Editor (IME) Trojan Disables and Removes Anti-Virus

Websense has discovered an Input Method Editor Trojan. The Trojan masquerades as a security update and manipulates a Windows system component used to input additional characters or symbols from an attached input device. According to the Websense advisory:

Websense® Security Labs™ ThreatSeeker™ Network has detected a type of trojan that uses the Windows input method editor (IME) to inject a system. An IME is an operating system component or program that allows users to enter characters and symbols not found on their input device. For example, it could allow a user of a ‘Western’ keyboard to input Chinese, Japanese, Korean, and Indic characters.

The trojan can install itself as an IME, then it kills any running antivirus processes and deletes the installed antivirus executable files. The original executable file of this trojan disguises itself as an antivirus update package.

I have seen a lot of online Anti-Virus malware recently. Only use the Anti-Virus update included with your Anti-Virus program. Never run “updates” from an e-mail message or from websites. See the Websense site for more information and an in-depth explanation of how the Trojan code works.
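One way a defender can review which IMEs are registered on a Windows host, as an added example that is not from this post or the Websense advisory. It assumes classic IMEs are registered under the `Keyboard Layouts` registry key with an `Ime File` value and that a bare file name is loaded from System32; neither detail appears in the post.

```powershell
# Added example: list registered IMEs and check the file behind each one.
# Assumption (not from the post): classic IMEs are registered under this key,
# one subkey per layout ID, with the IME module named in an "Ime File" value.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layouts'

$report = foreach ($key in Get-ChildItem -Path $root) {
    $props   = Get-ItemProperty -Path $key.PSPath
    $imeFile = $props.'Ime File'
    if (-not $imeFile) { continue }   # plain keyboard layout, no IME module

    # Assumption: a bare file name is loaded from System32.
    $rooted = [System.IO.Path]::IsPathRooted($imeFile)
    $path = if ($rooted) { $imeFile } else { Join-Path $env:SystemRoot "System32\$imeFile" }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $item   = if ($exists) { Get-Item -LiteralPath $path } else { $null }

    [pscustomobject]@{
        LayoutId  = $key.PSChildName
        Name      = $props.'Layout Text'
        ImeFile   = $imeFile
        Exists    = $exists
        Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified  = if ($item) { $item.LastWriteTime } else { $null }
    }
}

# Full inventory, then the entries that deserve a closer look:
# missing file, signature not reported as Valid, or a path instead of a bare name.
$report | Sort-Object LayoutId | Format-Table -AutoSize
$report | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' -or $_.ImeFile -match '[\\/]' } |
    Format-List
```

A status other than Valid is a lead to review, not a verdict, since catalog-signed system files can report NotSigned on older PowerShell versions. Compare the inventory against a known-good host with the same language packs before acting on it.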


~ by D. Dieterle on July 7, 2010.

2 Responses to “Input Method Editor (IME) Trojan Disables and Removes Anti-Virus”

  1. Hey bud, hope you had a good 4th.
    It’s hard to believe that anyone hits links and whatnot in emails anymore. LOL

    BTW, did you catch this?

    http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html?mod=WSJ_hpp_MIDDLETopStories

    Are we seeing glimmers of Einstein?

  2. Hey bro! Had a great 4th, hope you did too.

    Very interesting link, thank you. Impressive picture on the WSJ article. My former boss was a Nuclear Power engineer. He told me an interesting story once. See all that wonderful electronic equipment in the control room? Well, the room below is full of the wires that connect all of that stuff. There was a natural gas leak in the wire room at the plant he was at and an engineer brainiac was looking for it using his lighter. Yup, he started a fire.

    It just goes to show that people will always be the weakest link in defending your system. Beware the engineer with the lighter!
