Malware writers seem to have picked up a new trick for blocking anti-virus updates. Usually this is done with the hosts file, by redirecting hostnames to localhost. Today we were looking at a new trojan called Fantibag that uses packet filtering to achieve the same goal.
This trojan installs a packet filtering policy that blocks access to the sites of several anti-virus companies and to other, mostly security-related, sites. More info in the description.
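A check for the older hosts-file method mentioned above, as an added example that is not part of the original post: it flags hosts entries that point watched hostnames at loopback, and goes slightly beyond the text by also treating `0.0.0.0` as a blocking address. The watched suffixes and the sample file are constructed placeholders. A clean result here says nothing about packet-filter blocking of the kind Fantibag uses, which leaves the hosts file untouched.

```python
import ipaddress

# Assumption: suffixes of update/security hostnames to watch (constructed placeholders).
WATCHED_SUFFIXES = ("av-vendor.example", "updates.security.example")

def is_sinkhole(addr):
    """True for addresses that make a hostname unreachable: loopback or unspecified."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal, so not a valid hosts entry
    return ip.is_loopback or ip.is_unspecified

def watched(host, suffixes):
    """Match the hostname itself or any subdomain, but not look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (line number, address, hostname) for each watched name that is sinkholed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2 or not is_sinkhole(entry[0]):
            continue
        for host in entry[1:]:  # one line may carry several aliases
            if watched(host, suffixes):
                findings.append((lineno, entry[0], host.lower()))
    return findings

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.av-vendor.example download.av-vendor.example
0.0.0.0     liveupdate.updates.security.example   # added by unknown program
10.0.0.5    intranet.corp.example
# 127.0.0.1 av-vendor.example
127.0.0.1   notav-vendor.example
"""

if __name__ == "__main__":
    for lineno, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}")
```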