Bafruz is a recently-detected family of multi-component backdoor Trojans that recruit your PC into a botnet for a variety of purposes, such as Bitcoin mining, Distributed-Denial-of-Service attacks or theft of website login information.
Bafruz – an Examination of a Trojan-Scamware Hybrid
Bafruz uses a range of different components to launch its attacks and may even download other components from a P2P-based botnet that consists of other Bafruz-infected PCs. Although the file names for Bafruz Trojans can vary significantly, SpywareRemove.com malware researchers have noted that most Bafruz Trojans attempt to pass themselves off as parts of Windows and will keep themselves hidden inside your Windows system folder.
As a backdoor Trojan that should be considered a potential high-level risk to your PC’s security and privacy, Bafruz includes a stock set of typical Trojan attacks. However, Bafruz’s most noteworthy feature borrows a tactic more often used by rogue security programs than by Trojans: Bafruz displays fake alerts claiming that uninfected programs are contaminated with backdoor Trojans, viruses and other types of PC threats. Bafruz’s pop-up then informs you that you must reboot your computer to finish the disinfection process.
If you reboot, Bafruz will launch Windows in Safe Mode (notable, in and of itself, given that many Trojans are incapable of launching from within Safe Mode), uninstall the ‘infected’ program and then announce that said program is in a temporary ‘enhanced protection mode.’ Programs that SpywareRemove.com malware analysts have found to suffer from such Bafruz attacks include popular anti-virus scanners (Kaspersky, Dr. Web, McAfee, Avast and AntiVir), Microsoft security utilities (Defender and Security Essentials) and certain firewall applications (Outpost Firewall). Because Bafruz uninstalls these programs completely, you’ll be forced to reinstall them after deleting Bafruz with an alternative anti-malware product.
The Bafruz-Related Problems That Aren’t Nearly as Obvious as Its Pop-ups
While Bafruz’s fake pop-up alerts are difficult to overlook, the SpywareRemove.com malware research team has also dug up a small cornucopia of other functions that Bafruz utilizes in the background. Bafruz-related attacks can also include (but aren’t necessarily limited to):
- Using your PC’s resources to mine Bitcoin for the attackers’ benefit or to launch DDoS attacks that crash arbitrary websites with artificial traffic.
- Downloading and installing other PC threats (and modifying your security settings to allow this activity).
- Disabling Windows System Restore.
- Hijacking social networking accounts to display malicious messages and comments via your account name. Targeted sites include Facebook, Vkontakte and Russian MTS sites like mts.ru (and a wide range of regional subdomains).
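The side effects described above (a forced Safe Mode boot, System Restore switched off, security products removed, and an executable hiding in the Windows system folder) leave traces a defender can check for. The following PowerShell triage script is an added example, not SpywareRemove’s code or part of the original article; it assumes the standard `DisableSR` policy value under `HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore`, the `root/SecurityCenter2` WMI namespace that desktop Windows editions expose, and an arbitrary seven-day window for the System32 listing. It reports tampering indicators for manual review; it does not identify Bafruz by name.

```powershell
# Added triage example (not SpywareRemove's code). Run from an elevated PowerShell
# prompt. Each check corresponds to one Bafruz side effect the article describes.
$findings = @()

# 1. Forced Safe Mode boot: a 'safeboot' element on the current BCD boot entry
#    (Bafruz reboots into Safe Mode to uninstall security products).
$bcd = & bcdedit.exe /enum '{current}' 2>$null
if ($bcd -match '^\s*safeboot\s') {
    $findings += 'Current boot entry has safeboot set (Safe Mode on next reboot)'
}

# 2. System Restore disabled by policy (assumed location: the standard DisableSR value).
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$sr = Get-ItemProperty -Path $srPolicy -ErrorAction SilentlyContinue
if ($sr -and $sr.DisableSR -eq 1) {
    $findings += 'System Restore is disabled via policy (DisableSR=1)'
}

# 3. No anti-virus registered with Security Center, as expected after Bafruz
#    uninstalls Kaspersky, Avast, Defender, etc. (assumes root/SecurityCenter2).
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
if (-not $av) {
    $findings += 'No anti-virus product is registered with Security Center'
} else {
    $av | ForEach-Object { 'AV present: {0} (state 0x{1:X})' -f $_.displayName, $_.productState }
}

# 4. Recently modified executables in the Windows system folder, where the article
#    says Bafruz hides. File names vary, so this only lists candidates for review;
#    Windows Update also writes here, so treat the list as a starting point.
$cutoff = (Get-Date).AddDays(-7)   # constructed window, adjust to the incident timeline
$recent = Get-ChildItem "$env:SystemRoot\System32" -Filter *.exe -File -ErrorAction SilentlyContinue |
          Where-Object { $_.LastWriteTime -gt $cutoff } |
          Sort-Object LastWriteTime -Descending |
          Select-Object -First 20 Name, LastWriteTime
if ($recent) { $findings += "Executables in System32 modified in the last 7 days: $(@($recent).Count)" }

if ($findings.Count -eq 0) { 'No Bafruz-style tampering indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
$recent | Format-Table -AutoSize
```

A host that trips the Safe Mode and System Restore checks together while reporting no registered anti-virus matches the behaviour sequence the article describes and warrants a scan from clean media.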
Posted: November 21, 2011 | By SpywareRemove
Threat Level: 6/10
Detection Count: 237