New DHL Notice Campaigns Deliver Backdoor Threat

Tagged: Anti-Virus, BitDefender, Virus, Software
Source: eWeek Security Watch - Read the full article
Posted: 4 years 24 weeks ago

Researchers with BitDefender are tracking the emergence of a new spate of phony overnight delivery notice attacks, calling out a set of threats currently in circulation that attempt to create backdoors that leave affected machines almost completely under the control of their assailants.
The attacks also utilize popular rogue AV scanner techniques to further entrap users, giving them a decidedly staged effect.

According to a recent blog post authored by BitDefender expert Andrei Berczki, the multi-tiered campaign first arrives in users' in-boxes posing as a notice of a failed package delivery from carrier DHL, encouraging recipients to click and download an attachment that promises to allow them to pick up their shipments in person.
The attachment, obfuscated as a zip file, instead infects their device with a Trojan (labeled as "Trojan.FakeAV.VH") once executed. BitDefender is identifying the involved e-mail/spam campaign as "Glecia" and said that it cannot propagate itself, and is therefore dependent on third party interaction to get passed along among users.

After implanting itself on a device, the attack then operates a typical fake AV scanner approach, marketing itself as "AntiVirus Pro 2010" and eventually launching malware infection warnings that push end users to download additional programs promising to help rid their machines of the reported issues.

People who follow through and download the advertised AV utilities predictably end up with the gaping backdoor, leaving their machines open to a litany of subsequent attacks, Berczki said. The expert noted that the involved attackers have typically employed the access point to attempt to connect infected machines to a Russian domain to receive additional commands....

 

Comments

Anonymous

Is it the Andrei Berczki who writes for malwarecity.com as well?