Unusual Malware Obtainable from Romanian Social Welfare Website
Legitimate websites that have been compromised normally deliver malicious software that earns money for its peddlers; however, exceptions arise. A Microsoft customer recently sent the software company a submission of a few dubious files that had been downloaded from one particular site. Careful examination confirmed that the site was indeed hostile, and the hosted malware was identified as Trojan:BAT/Delosc.A. Help Net Security published this in news on January 27, 2012.
Hosted on the domain asistentasociala.info, the site is apparently very popular. It presents e-forms that applicants must complete to get "social welfare," along with directions on how to do so. The forms, mostly in Excel, Word and PDF formats, are provided for download, and they were unsurprisingly altered to EXE files having identical filenames.
The icon of each malevolent file is exactly that of the original, which hides the deception from the computer user. As soon as these malevolent .exe files are executed, they install the real, innocuous document files so that the ruse goes unnoticed; behind the scenes, however, they also install a BAT file in the Temporary Files directory.
Apparently, in attempting to erase folders and files, the BAT file targets two software solutions that Romanian institutions mainly work with. These are 'Aplxpert,' document-management software built around the rules outlined for public administration, and 'Indaco,' software that provides legal documentation services.
The BAT file then moves on to erase files and folders that have strings such as "mono," "factur," "agr," "glob," "multi," "gami," "social," "arenda," "alocati," "asf," "vmg," "assist," "inclaz" and "lemne" on drives such as C, D, E, F, G and H. Microsoft published this on January 26, 2012.
Investigators continue to examine the malware, although so far its purpose appears pretty distinct. They also advise Internet users to be careful when downloading files and to watch for those whose file extension does not match the icon displayed. Finally, as always, it is very important to keep anti-virus software active to safeguard one's PC from threats of this type.
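The extension check advised above can be automated by comparing the document type a download link promised with the leading bytes of the file actually saved. The following is an added example, not code from the article or from Microsoft's analysis; the function names and the sample files are hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of the formats the site offered, plus Windows executables.
MAGIC = {
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc / .xls
    b"PK\x03\x04": "zip",                         # .docx / .xlsx
    b"MZ": "pe",                                  # .exe and other PE files
}
# Container that each document extension should have.
EXPECTED = {".pdf": "pdf", ".doc": "ole2", ".xls": "ole2",
            ".docx": "zip", ".xlsx": "zip"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif"}

def sniff(path):
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"

def check_download(path, promised_ext):
    """Compare what the link promised with what was actually saved."""
    kind = sniff(path)
    ext = Path(path).suffix.lower()
    findings = []
    if kind == "pe":
        findings.append("content is a Windows executable")
    if ext in EXEC_EXT and promised_ext in EXPECTED:
        findings.append(f"expected {promised_ext}, saved as {ext}")
    if ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append(f"{ext} extension but content looks like {kind}")
    return findings

def demo():
    # Constructed samples: (name as saved, leading bytes, promised type).
    samples = [
        ("form.pdf", b"%PDF-1.4\n", ".pdf"),
        ("form.exe", b"MZ\x90\x00" + b"\x00" * 60, ".pdf"),
        ("form.doc", b"MZ\x90\x00" + b"\x00" * 60, ".doc"),
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data, promised in samples:
            (Path(tmp) / name).write_bytes(data)
            results[name] = check_download(Path(tmp) / name, promised)
    return results
```

An empty list from `check_download` means the saved file matches what was promised; the icon plays no part in the check, which is the point, since the icon is what the dropper imitates.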
» SPAMfighter News - 04-02-2012