Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Unusual Malware Obtainable from Romanian Social Welfare Website

Legitimate websites that have been compromised normally deliver malicious software, which reaps monetary gains to its peddlers; however, exceptions may arise. Thus, a Microsoft customer recently sent one submission form to the software company which downloaded a few dubious files from one particular site. On examining carefully it was substantiated that the site was really hostile where the hosted malware was identified as Trojan:BAT/Delosc.A. Help Net Security published this in news on January 27, 2012.

Moreover, hosted on the domain, asistentasociala.info, the site apparently is very popular presenting e-forms, which must be completed so applicants can get "social welfare," along with directions on the way for doing it. The forms, mostly in Excel, Word and PDF formats, are provided for download that are unsurprisingly altered to EXE files having identical filenames.

Here it maybe mentioned that the icon for the malevolent files is exactly of the original that thus hides the falsity to the computer user. To be precise, soon as these malevolent .exe files are executed, they install the real, innocuous document files so that the farce remains unhindered; however, behind the screen, they install one BAT file too within the Temporary Files directory.

Apparently, while attempting at erasing folders and files, the said BAT file targets 2 software solutions that Romanian institutions mainly work with. These are 'Aplxpert,' software for document management determined with rules outlined with regards to public administration, and 'Indaco,' software which provides legal documentation services.

The BAT file then moves to erase files and folders, which have the strings such as "mono," "factur," "agr," "glob," "multi," "gami," "social," "arenda," "alocati," "asf," "vmg," "assist," "inclaz" and "lemne" on the drives such as C, D, E, F, G and H. Microsoft published this on January 26, 2012.

Nevertheless, investigators continue to examine the malware, while hitherto its purpose appears pretty distinct. They also advise Internauts for being careful when they download files whilst watching for those which display a file extension different from the icon for it. Finally, like always, it's very important to activate anti-virus software for safeguarding one's PC from the above type of threats.

Related article: Unsolicited E-mails Touch Record High, Says Commtouch Report

ยป SPAMfighter News - 04-02-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next