Techo3 - Technology Inspired


July 25, 2014

Hacking Virus 'Bladabindi'

#Tech Discussion

Multi-identity virus Bladabindi, which steals a user's sensitive personal information for nefarious purposes


Richard Domingues Boscovich, assistant general counsel of Microsoft's cybercrime-fighting Digital Crimes Unit, has warned that two malware families known as Bladabindi and Jenxcus are widespread, reportedly present on almost 30% of the world's computers. Microsoft also found that the developers of these families are based in Algeria and Kuwait; the Algerian and Kuwaiti authorities have not commented on the matter. An order from a federal court in Nevada allowed Microsoft to take control of dynamic DNS domains operated by Vitalwerks Internet Solutions of Reno, Nevada (the company behind the No-IP service), which the malware used to reach its operators, thereby disrupting communications between infected machines and their command-and-control servers. Bladabindi (Microsoft's detection name MSIL/Bladabindi, widely known as njRAT) is a .NET remote access tool, while Jenxcus (VBS/Jenxcus) is a VBScript worm; the two families are closely related and are often found together.

The state-run Indian Computer Emergency Response Team (CERT-In) has alerted Indian Internet users to a clandestine, multi-identity virus, Bladabindi, which steals a user's sensitive personal information for nefarious purposes. CERT-In also said the malware infects the Microsoft Windows operating system.


What are Jenxcus & Bladabindi?

Jenxcus and Bladabindi are malicious worms that give an attacker full access to and control of the infected computer. They commonly spread through infected USB flash drives and drive-by downloads, and can also be dropped by other malware or delivered through malicious links, compromised websites and social engineering.

Some variants give the attacker full remote control of the infected system: they log keystrokes, take screenshots, operate the webcam and microphone, collect sensitive information and send it back to the attacker. They can also download further malware and open a backdoor into your PC.

How does Bladabindi work?
  • Jenxcus and Bladabindi can take on as many as 12 aliases (file and process names) to conceal their real identity before compromising a computer or a user's personal information.
  • Bladabindi variants are built with a freely available malware kit, so an attacker can produce a malicious file with any icon they choose to mislead a naive user into running it.
  • The malware adds itself to the Windows Firewall's allowed-program list by running the built-in netsh command (netsh firewall add allowedprogram ...), so the firewall never blocks its connection back to the attacker.
  • Because it behaves as a worm, it copies itself to the root folder of a removable drive, hides the copy, and creates a shortcut that carries a folder icon and the name of a folder on the drive.
  • When the user opens that shortcut, the malware runs without any prompt and installs itself, then opens the real folder in Windows Explorer so that nothing appears out of the ordinary.
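The two artefacts in the list above, the removable-drive lure and the self-added firewall exception, can both be audited from the host. The PowerShell below is an added example, not code from the original post or from Microsoft: it assumes an elevated session on Windows 8 / Server 2012 or later (for the NetSecurity cmdlets and PowerShell 3), and it is a heuristic that lists candidates for a person to inspect rather than a cleaner.

```powershell
# Added example: audit a Windows host for Bladabindi/Jenxcus-style artefacts.
# Run elevated. Flags candidates only; it does not delete or quarantine anything.

# --- 1. Removable-drive lure -------------------------------------------------
# The worm hides its real payload in the drive root and plants a .lnk that looks
# like a folder but launches an interpreter, e.g. "cmd.exe /c start <payload> & start <folder>".
$shell = New-Object -ComObject WScript.Shell
$removable = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |   # 2 = removable
    Select-Object -ExpandProperty DeviceID                                  # e.g. "E:"
$interpreters = @('cmd.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe')

foreach ($drive in $removable) {
    $root = "$drive\"

    # Hidden executables/scripts in the drive root are where the payload lives.
    $hidden = Get-ChildItem -LiteralPath $root -Force -File |
        Where-Object { ($_.Attributes -match 'Hidden') -and ($_.Extension -in @('.exe', '.scr', '.vbs')) }
    foreach ($f in $hidden) { Write-Warning "$root hidden executable: $($f.Name)" }

    # Inspect every shortcut in the root: CreateShortcut() on an existing .lnk loads it.
    foreach ($lnk in Get-ChildItem -LiteralPath $root -Force -Filter '*.lnk' -File) {
        $s = $shell.CreateShortcut($lnk.FullName)
        $target = [System.IO.Path]::GetFileName($s.TargetPath).ToLower()
        $launcher = $target -in $interpreters
        # Does the shortcut's command line reference one of the hidden files?
        $hidesPayload = $hidden | Where-Object { $s.Arguments -match [regex]::Escape($_.Name) }
        if ($launcher -or $hidesPayload) {
            Write-Warning ("{0}: target='{1}' args='{2}' icon='{3}'" -f
                $lnk.FullName, $s.TargetPath, $s.Arguments, $s.IconLocation)
        }
    }
}

# --- 2. Self-added firewall exception ----------------------------------------
# "netsh firewall add allowedprogram <path> <name> ENABLE" leaves an inbound allow rule
# whose program sits in a user-writable location. Legitimate per-user apps will show up
# too, so read the list rather than acting on it blindly.
$prefixes = @("$env:SystemDrive\Users", $env:ProgramData, "$env:windir\Temp")
$writable = '^(' + (($prefixes | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')'

foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $app = $rule | Get-NetFirewallApplicationFilter
    $program = [Environment]::ExpandEnvironmentVariables($app.Program)   # expands %TEMP% etc.
    if ($program -ne 'Any' -and $program -match $writable) {
        Write-Warning "firewall allow rule '$($rule.DisplayName)' for program $program"
    }
}
```

The firewall check deliberately reports every allow rule pointing into a user-writable path: a rule for a legitimately installed per-user application looks the same at this level, and the difference is whether the file the rule points at is one the user actually installed.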
What does a Bladabindi attack do?

An infection can result in the loss of the user's data, including:
  • Computer name
  • Country and serial number
  • Windows user name
  • Operating system version
  • Passwords stored by the browser
The malware can use the infected computer's camera to record the user by installing a DLL plugin, then upload the video to the remote attacker. It can also log or capture keystrokes to steal credentials such as user names and passwords.

Suggestions to stay safe from 'Bladabindi' -
  • Keep your antivirus updated with the latest signatures.
  • Windows Defender and Microsoft Security Essentials detect this family (as MSIL/Bladabindi and VBS/Jenxcus) and can remove it.
  • Be careful with USB flash drives, and treat a shortcut in a drive's root that carries the name of a folder on that drive as suspect.
  • Disable AutoRun, and scan a flash drive before opening anything on it.
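The last three suggestions can be applied and checked from one elevated PowerShell session. This is an added example, not from the original post or Microsoft: it assumes the Defender module cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan), which ship with Windows 8.1 / 10 and later; on a 2014-era Windows 7 host running Microsoft Security Essentials, the MpCmdRun.exe switches in the comments are the assumed equivalents.

```powershell
# Added example: apply the host-side mitigations for the USB-spread worm. Run elevated.

# --- 1. Disable AutoRun for every drive type -------------------------------
# NoDriveTypeAutoRun = 0xFF disables AutoRun for all drive types, so a removable drive
# cannot launch anything by itself. The user still has to avoid double-clicking the lure.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $policy -Force | Out-Null        # creates the key, or returns it if present
Set-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
if ((Get-ItemProperty -Path $policy).NoDriveTypeAutoRun -ne 255) {
    throw 'NoDriveTypeAutoRun was not applied'
}

# --- 2. Check protection state and signature age before trusting a scan ------
# MSE/Win7 equivalent (assumed): "MpCmdRun.exe -SignatureUpdate"
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) { Write-Warning 'real-time protection is OFF' }
$age = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($age.TotalDays -gt 1) {
    Write-Warning "signatures are $([int]$age.TotalDays) day(s) old; updating"
    Update-MpSignature
}

# --- 3. Scan every removable drive before anything on it is opened -----------
# MSE/Win7 equivalent (assumed): "MpCmdRun.exe -Scan -ScanType 3 -File E:\"
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $path = "$($_.DeviceID)\"
    Write-Host "scanning $path"
    Start-MpScan -ScanType CustomScan -ScanPath $path
}
```

Disabling AutoRun stops the drive from executing anything on insertion, but the shortcut lure described earlier still relies on the user double-clicking it, so the registry change and the scan complement each other rather than replacing user caution.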

Source - 
blogs.technet.com
microsoft.com
MSIL/Bladabindi
economictimes.indiatimes.com

