
Trojan that uses Windows EFS

Thu, Sep 7, 2006

Security

The McAfee Avert Labs blog has an interesting article on protecting yourself from EFS (Windows Encrypting File System) attacks. EFS is the native file and folder encryption system for Windows workstations and servers. Depending on how it is used, this could make the files un-scannable (Is that a word?) to AV scanners. Most of the article shows how to turn off EFS or otherwise protect yourself from malware that might try to use it. Nothing radical there… turn it off via registry / GPO if EFS is not used.

They do mention a specific piece of malware (not by name, though…) that:

Creates an administrator account with random name and password
Encrypts a Trojan Downloader with EFS and runs it as a service
Installs a dialer program and other malware

Sounds like a real gem….

—Chris
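
An added example, not from this post or the McAfee article: a PowerShell audit for the behaviour listed above. It reports whether EFS is disabled, which services run from an EFS-encrypted binary, and who is in the local Administrators group. The function names are hypothetical; the registry values checked are the Windows EFS policy setting and the NTFS setting written by `fsutil behavior set disableencryption 1`.

```powershell
# Added example: audit a host for the behaviour described in the post.
# Function names are hypothetical; run from an elevated PowerShell 5.1+ prompt.
function Get-EfsDisableSetting {
    # A value of 1 in any of these locations means EFS is turned off.
    $checks = @(
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'; Name = 'EfsConfiguration' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS';          Name = 'EfsConfiguration' },
        @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem';               Name = 'NtfsDisableEncryption' }
    )
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key   = $c.Key
            Name  = $c.Name
            Value = if ($item) { $item.($c.Name) } else { $null }   # $null = not set
        }
    }
}

function Get-ServiceImagePath {
    # Reduce a service command line to the path of its executable.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }                  # quoted path
    if ($expanded -match '^(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] } # unquoted path
    return ($expanded -split '\s+')[0]
}

function Find-EncryptedServiceBinary {
    # Flag services whose binary carries the EFS "Encrypted" file attribute.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = Get-ServiceImagePath $_.PathName
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $file = Get-Item -LiteralPath $path -Force
            if ($file.Attributes -band [IO.FileAttributes]::Encrypted) {
                [pscustomobject]@{ Service = $_.Name; StartName = $_.StartName; Path = $path }
            }
        }
    }
}

function Get-LocalAdministrator {
    # S-1-5-32-544 is the built-in Administrators group regardless of locale.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass, PrincipalSource
}

Get-EfsDisableSetting       | Format-Table -AutoSize
Find-EncryptedServiceBinary | Format-Table -AutoSize
Get-LocalAdministrator      | Format-Table -AutoSize
```

Service binaries are normally not EFS-encrypted, so any row from `Find-EncryptedServiceBinary` deserves a look, as does any Administrators member you cannot account for.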


This post was written by:

Chris Harrington - who has written 153 posts on InfoSecPodcast.com.

