It’s malware that actually removes other malware from its victims’ PCs. And so far, nobody is exactly sure how it’s being distributed.

Security experts this week are buzzing about a new Trojan called Tigger.A, also known as Syzor. The data-stealing malware has quietly claimed about 250,000 victims since it was first spotted by security intelligence company iDefense in November, according to a Washington Post report.

Tigger.A allows attackers to gain access to “administrator” privileges on Windows machines, even if the user himself doesn’t have those privileges, according to the report. It takes advantage of a vulnerability (MS08-066) in Windows’ “privilege escalation” feature that Microsoft revealed — and patched — in October. [DarkReading]