Trend Micro is reporting that bad guys in Japan are abusing Microsoft’s security functionality, Software Restriction Policies, to disable security tools.

The malware, termed BKDR_VAWTRAK, searches for commonly used security applications. If a security application is detected, the malware modifies registry keys so that Software Restriction Policies will run the security software in a restricted state — rendering it useless.
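A defender can audit for this kind of tampering by listing the Software Restriction Policies path rules and flagging any that place a security product below the Unrestricted level. The sketch below is an added example, not code from this post or from Trend Micro. It assumes the standard SRP policy location (`HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`) as dumped by `reg query ... /s`; the product name `ExampleAV`, the GUIDs and the sample output are constructed, and the post does not state which keys the malware writes.

```python
import re

# SRP security levels, named by the numeric subkey under ...\Safer\CodeIdentifiers.
SRP_LEVELS = {0: "Disallowed", 4096: "Untrusted", 65536: "Constrained",
              131072: "Basic User", 262144: "Unrestricted"}
KEY_RE = re.compile(r"\\Safer\\CodeIdentifiers\\(\d+)\\Paths\\(\{[^}]+\})\s*$", re.I)
ITEM_RE = re.compile(r"^\s+ItemData\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)

def parse_path_rules(reg_query_text):
    """Yield (level, guid, path) for each SRP path rule in `reg query /s` output."""
    level = guid = None
    for line in reg_query_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # key names start in column 0, values are indented
            key = KEY_RE.search(line)
            level, guid = (int(key.group(1)), key.group(2)) if key else (None, None)
            continue
        item = ITEM_RE.match(line)
        if item and guid:
            yield level, guid, item.group(1)

def restricted_security_tools(reg_query_text, product_dirs):
    """Return path rules that place a listed product directory below Unrestricted."""
    wanted = {p.lower() for p in product_dirs}
    hits = []
    for level, guid, path in parse_path_rules(reg_query_text):
        parts = set(path.lower().replace("/", "\\").split("\\"))
        if level != 262144 and wanted & parts:
            hits.append((SRP_LEVELS.get(level, str(level)), guid, path))
    return hits

# Constructed sample of `reg query ... /s` output (other values omitted);
# ExampleAV is a hypothetical product directory, not one named in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}
    ItemData    REG_SZ    C:\Program Files\ExampleAV

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{22222222-2222-2222-2222-222222222222}
    ItemData    REG_EXPAND_SZ    %ProgramFiles%

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{33333333-3333-3333-3333-333333333333}
    ItemData    REG_SZ    C:\Users\Public\Downloads
"""

if __name__ == "__main__":
    for level, guid, path in restricted_security_tools(SAMPLE, ["ExampleAV"]):
        print(f"ALERT {level}: {path} (rule {guid})")
```

Pass the directory names of the security products actually deployed in your environment as `product_dirs`; any hit is a rule worth tracing back to the Group Policy object or process that created it.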

The malware is distributed using malicious emails and compromised websites. This malware is being used to facilitate unauthorized banking transactions in Japan. Quoting Trend Micro:

[The Japanese] National Police Agency mentioned that the current estimated total cost of unauthorized transactions suffered by Japanese users reached 1.417 billion yen during the period of January-May 2014. In comparison the estimated total damage cost from these kinds of threats was 1.406 billion yen in 2013.

Bad guys succeed in distributing malware using email because it is easy to deceive users into opening emails.

Iconix provides tools that help avoid being tricked by deceptive emails. Our Truemark service protects consumers. Our SP Guard product is for enterprises.