In addition to setting up a compromised computer to relay spam, one example of malicious software also installs Kaspersky Lab's antivirus program to get rid of competing malicious software.
The culprit is a Trojan horse sometimes called "SpamThru," according to a write-up by Joe Stewart, a researcher with SecureWorks. "SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code," Stewart wrote last week.
When it first gets onto a PC, SpamThru connects to a control server and subsequently installs a pirated copy of Kaspersky AntiVirus, Stewart wrote. The system then starts a scan for malicious software, skipping files that it detects are part of its own installation, he wrote.
"SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals," Stewart wrote. "Any other malware found on the system is then set up to be deleted by Windows at the next reboot."