The Bohu Trojan has been seen attempting to block cloud-based technologies in anti-virus products.
Malware authors have their eyes on them too – something exemplified
by the Bohu Trojan, which blocks connections from Windows machines to
cloud anti-virus technologies to disable users’ defenses...
Among the sites the malware blocks traffic to is geo.kaspersky.com.
According to Kurt Baumgartner, senior malware researcher at
Kaspersky Lab, some of the techniques the Trojan uses are old, and have
been around more than a decade. Simple “morphing with junk data is not
a new method,” he said, adding the Trojan's behavior makes it easier to
detect by client-side behavioral protections.