Home Malware Programs Trojans Derusbi


Posted: October 31, 2014

Derusbi is a family of spyware and backdoor Trojans that include numerous features for collecting information related to online accounts. Between 2011 and 2014, Derusbi has been particularly well-used by Axiom, a well-organized hacker organization that some speculate has ties to the government of China. Regardless of its true origins, Derusbi is a high-level threat that gives third parties access to your computer, and you should follow thorough anti-malware protocols for blocking or removing Derusbi from any PC.

A Trojan in the Company of Ghosts and Monsters

Derusbi is a 'sidegrade' Trojan that duplicates many of the features found in related threats, such as the Gh0std RAT, Hydraq and Darkmoon. While using this redundancy to avoid the detection protocols for previously-known threats, Axiom has put Derusbi to work at collecting information from vulnerable PCs. The targets often preferred by Axiom include may include various nations' defense contractors, political activists against the Chinese government and even corporations like Google. Like all 'good' backdoor Trojans, Derusbi may be installed by other Trojans or, itself, install additional threats.

After compromising a PC, with fraudulent e-mail messages and browser-based exploits being its most likely assistants, Derusbi may modify the Registry to let itself launch automatically. Derusbi attacks some relevant security programs by deleting their Registry components automatically, and also may close other programs, when instructed to do so. However, many of Derusbi's other functions are espionage-based.

With respect to collecting information, malware experts see Derusbi transferring account passwords, login names and general system specifications. In a less specific sense, Derusbi also may gather other information by taking screenshots. The programs that may be targeted by Derusbi's data theft attacks include Internet Explorer, Outlook and MSN Messenger.

Getting Your Accounts Back from Chinese Trojans

It's rare for backdoor Trojans to have symptoms that would make their attacks immediately visible, and Derusbi, unfortunately, stays true to this characteristic. However, the third parties most well-known for using Derusbi attacks do have a noted preference for using e-mail attachment-based distribution methods, which you can cripple with both good security software and common sense. Alternative distribution models using compromised websites are not completely unknown, but non-Internet Explorer users should be at lessened risk of encountering these exploits.

Derusbi distributes itself in limited numbers aimed at highly-specific targets within relevant industries and government institutions. Even with this limited degree of distribution, Derusbi shouldn't be taken lightly, with its payloads including features easily capable of compromising crucial information to an extreme degree. Even after deleting Derusbi, you should be certain to change passwords and other security information that make up its most likely targets for transfer into third parties possession.

Derusbi is limited to infecting Windows PCs, but is compatible with Windows 95 up to modern versions of the OS. Despite that, it seems unlikely that Axiom or equally-proficient third parties would ignore other operating systems that come to their attention as potentially fruitful victims.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Derusbi may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.