Cisco: 12 Million Computers Infected By Tuto4PC Malware

Cisco has accused French company Tuto4PC of secretly adding spyware and addware to its own software.

Security researchers at Cisco said that a number of Tuto4PC’s products, such as System Healer and OneSoftPerDay, carry Trojans that display “malicious intent and behaviour.”

12 million users

It is estimated that 12 million users have downloaded a Tuto4PC product. As soon as the software is installed it acts like malware, installing a Trojan virus called Wizz.

The researchers said: “Installed with administrator rights, (Wizz) is able to harvest personal information, and install and launch executables uploaded by the controlling party.”

Wizzupdater attempts to verify the security posture of the environment before executing. This is a technique routinely found in malicious software to ensure that the infection only occurs in an environment where the malware is likely to be effective and go undetected.

The researches explained: “The sample analysed, to this point, has exhibited techniques more commonly found in something with malicious intent rather than something benign.

The malicious software has been described by the researchers as a “backdoor.”

They added: “A backdoor is intentional, and is not disclosed or documented. It could be the result of a well-meaning customer support engineer, a third party software library, or the actions of a bad actor. An adversary, using an exploit kit, could also install one after a product has been deployed and is being used by a customer.

“Backdoors are nearly always viewed as wrong, because something intentional is happening in an environment without a customer’s knowledge or authorisation.”

At the time of publication, Tuto4PC had not responded to TechWeekEurope’s request for comment.

How much do you know about computer viruses? Try our quiz!