Symantec Experts Identify Malware behind Death Threats
Researchers at Symantec have investigated and discovered the dropper of a piece of malware that was behind bomb threats and death threats made online around 10 days ago.
The dropper of Backdoor.Rabasheeta, the component that installs the payload onto the victim's computer, creates a registry entry. This registry entry ensures that the main module is executed every time the computer starts up.
Once the main module and the configuration file that enables the threat to communicate with its command-and-control server are in place, the dropper removes itself from the infected computer.
Most notably, this particular dropper comes with a graphical user interface (GUI).
According to Takashi Katsuki, a security expert with Symantec, this GUI is carefully concealed from the user of the compromised computer. However, the dropper contains a flag, testMode, and the GUI is displayed only when this flag is on, as reported in a statement published on softpedia.com on October 23, 2012.
In another statement, published on October 23, 2012, Katsuki added that the malware enables the GUI for debugging purposes, as it allows the malware to be installed and uninstalled at the click of a button so that tests can be performed repeatedly.
Compared with modern malware, the structure and functions of Backdoor.Rabasheeta are less advanced. Nevertheless, it is still able to open a backdoor on a compromised system.
Users should be very cautious when downloading software from unfamiliar sources in order to safeguard their computers against threats. Suspicious links or attachments in emails should not be opened. It is also advisable for users to keep their operating system and software up to date. Both the dropper and the main module detected by researchers were identified as Backdoor.Rabasheeta.
Luckily, the infection is not widespread so far. However, considering that its victims have been arrested by police because of the threats made by the virus, it's worth looking out for.
» SPAMfighter News - 29-10-2012