Bafruz

Bafruz Description


Bafruz is a recently-detected family of multi-component backdoor Trojans that recruit your PC into a botnet for a variety of purposes, such as Bitcoin mining, Distributed-Denial-of-Service attacks or theft of website login information.
Download SpyHunter Spyware Scanner
However, Bafruz’s propensity for displaying fake alerts sets Bafruz apart from similar backdoor Trojans, which usually attempt to remain hidden by avoiding any visible symptoms. Pop-up warnings from Bafruz actually are used to uninstall security software that would thwart Bafruz’s attacks, although they portray themselves as originating from Microsoft Security Essentials. If you see pop-ups resembling those of Bafruz or have any other reason to believe that Bafruz may have compromised your computer, anti-malware applications should be utilized to remove Bafruz immediately, and SpywareRemove.com malware experts also recommend that you change potentially-compromised security information (such as account passwords).

Bafruz – an Examination of a Trojan-Scamware Hybrid


Bafruz uses a range of different components to launch its attacks and may even download other components from a P2P-based botnet that consists of other Bafruz-infected PCs. Although the file names for Bafruz Trojans can vary significantly, SpywareRemove.com malware researchers have noted that most Bafruz Trojans attempt to pass themselves off as parts of Windows and will keep themselves hidden inside your Windows system folder.

As a backdoor Trojan that should be considered a potential high-level risk to your PC’s security and privacy, Bafruz includes a stock set of typical Trojan attacks. However, Bafruz’s most noteworthy feature calls back to threats that are more often used by rogue security programs than Trojans: Bafruz displays fake alerts that indicate that uninfected programs are contaminated with backdoor Trojans, viruses and other types of PC threats. Bafruz’s pop-up informs you that you must reboot your computer to finish the disinfection process.

If you reboot, Bafruz will launch Windows in Safe Mode (notable, in and of itself, given that many Trojans are incapable of launching from within Safe Mode), uninstall the ‘infected’ program and then announce that said program is in a temporary ‘enhanced protection mode.’ Programs that SpywareRemove.com malware analysts have found to suffer from such Bafruz attacks include popular anti-virus scanners (Kaspersky, Dr. Web, McAfee, Avast and AntiVir), Microsoft security utilities (Defender and Security Essentials) and certain firewall applications (Outpost Firewall). Because Bafruz uninstalls these programs completely, you’ll be forced to reinstall them after deleting Bafruz with an alternative anti-malware product.

The Bafruz-Related Problems That Aren’t Nearly as Obvious as Its Pop-ups


While Bafruz’s fake pop-up alerts are difficult to overlook, SpywareRemove.com malware research team has also dug up a small cornucopia of other functions that Bafruz utilizes in the background. Bafruz-related attacks can also include (but aren’t necessarily limited to):
  • Using your PC’s resources to generate fraudulent Bitcoin currency or launch DDoS that crash arbitrary websites with artificial traffic.
  • Downloading and installing other PC threats (and modifying your security settings to allow this activity).
  • Disabling Windows System Restore.
  • Hijacking social networking accounts to display malicious messages and comments via your account name. Targeted sites include Facebook, Vkontakte and Russian MTS sites like mts.ru (and a wide range of regional subdomains).

Posted: November 21, 2011 | By
Share:
Follow Me on Pinterest More More
Threat Level: 6/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:
Detection Count: 237

Leave a Reply

What is 15 + 11 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)