
Friday, February 17, 2012

The Highlander Bot

Luis Corrons of PandaLabs has recently found an interesting take on a trojan malwarebot.

As with most malware, the attack begins with a suspicious email inviting the recipient to click a link to review an order confirmation for a bogus order. The reader, even if aware that the order is bogus, may follow the link anyway to see where it leads. In a typical course of action, the link asks the reader to download a piece of software to view the order, which is in fact the infection. And, as with most infections, it will steal user data and send it back to its controllers.

The interesting twist is the Highlander angle: in a nod to the movie's premise of "there can be only one," the bot actually removes any other infections it finds.  In that manner, it ensures that it has complete control of the infected PC without having to compete with other pieces of malware.

Avoiding this type of infection involves exercising care in following links from emails. Generally, if a vendor sends you a suspicious email, call the company to handle the situation; that way, if it is indeed a phishing email, they will tell you. Alternatively, avoid following links to the vendor's website; instead, open up your web browser and navigate to the vendor's site, then log in as you ordinarily would. As always, ensure your antivirus and antimalware software are up to date, and do not hesitate to contact your IT provider if you receive something suspicious.
