The Computer Emergency Response Team (CERT) on July 26th 2014 has issued an alert for Windows users in Indiawarning about the ‘Bladabindi’ virus which is spreading through pen drivesand data cards and targeting sensitive information on user’s database.
It is a multi-identity virus, i.e. it can acquire 12-13 variants to hide its actual identity and infect your Windows operating system. The Virus Bladabindi can also obtain a safe network domain id to escape your Firewall mechanism.
The huge number of windows users in India might be the reason for Indians being targeted. This virus is not new to the world but India. Microsoft provided some information on this virus and ways to identify them on windows PCs.
How ‘Bladabindi’ steals your sensitive information?
‘Bladabindi’ opens a backdoor for hackers to steal your sensitive information like following from your computer.
- Your PC name, country and serial number
- Your Windows user name
- Your PC operating system version
It can also steal information such as you’re:
- Chrome, Firefox, Opera & IE7 stored passwords
- DnyDNS information
- No-ip/DUC information
- Paltalk credentials
Its variants can also be used as key loggersby the hacker. Once infected, it starts recording the key strokes there by sending him your full login credentials. Once infected the virus checks for camera drives and installs a DLL plugin to runit and record the video and sends it to the remote hacker.
Look at the following commands that can be executed using ‘Bladabindi’.
- Capture screenshots
- Compress data to be uploaded
- Connect to remote servers
- Download and run files
- Exit
- Load plugins dynamically
- Manipulate the registry
- Open a remote shell
- Ping a remote server
- Restart your PC
- Uninstall itself
- Update itself
This virus can connect to remote serversand can download and install the other malwareand viruses. Microsoft has found this Trojan connecting to following address.
- fox2012.no-ip.org
- jn.redirectme.net
- moudidz.no-ip.org
- reemo.no-ip.biz
How to Identifying ‘Bladabindi’ virus on your computer:-
Bladabindi virus acts smart when executed. It generally spreads through the ‘auto run’ from the removable devices and unauthorized download files on internet.
When run on your computer, the virus copies itself into one of the following locations with a variable name for example %TEMP%\svhost.exe.
- C:\Users\<user name>\AppData\Local\Temp – %TEMP%
- C:\Users\<user name>\AppData\Roaming – %APPDATA%
- C:\Users\<user name> – %USERPROFILE%
- C:\ProgramData – %ALLUSERPROFILE%
- C:\ProgramData – %windir%
The above locations can be accessed through Win+R(Run) by using the common folder variables shown along with them, for example %APPDATA%. It also copies itself into startup folder to make sure it runs every time when the computer is started. It can be easily identified with a random 32 alpha-numerical name and .exe extension, for example <startup folder>\5cd8f17f4086744065eb0992a09e05a2.exe.
To check your startup folders on your computer, go to any of the following locations or simply copy-paste the path and hit enter.
- C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
How to protect the computers from ‘Bladabindi’:
- Update your antivirus definitions.
- Do not download files from suspicious links.
- Do not care about anonymous email attachments.
- Check your firewall settings and keep it safe always.
- Do not run untrusted files on the computer. Once infected, your data is out.
- Be careful about pen drives and removable media from your friends. They may not be protecting themselves against this virus.
- Do not use patched or cracked software.
- Do not auto-save passwords on web browsers.
- Do not use IE unless you set automatic updates on your computer to ON.
- Do not use Administrator account for general computer usage. If needed open the program(s) by typing the admin password.
Source:-
www.amfastech.com
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon