Topic: Bogus Flash Player Dropping Malware (BKDR_IRCBOT.BW, HTML_DLOADR.ARM)

[Samker]

Want to see exclusive videos and photos of Michael Jackson? Then go to your inbox and you'll definitely find some of them there. All you need to do is simply click on the provided link or download an attachment. Quite easy, isn't it... except for the fact that all this is just a part of a hackers' attack aimed at spreading malware. This time, malware by the name of BKDR_IRCBOT.BW is being dropped by another malware called HTML_DLOADR.ARM.

All this malware comes with one (out of many) spam campaign, using the death of Michael Jackson as a lure to trick as many potential victims as possible. The message in this spam is written in Spanish. It is purportedly being sent from CNN Mexico and presents real and accurate information about Jackson's death. The fact that the message itself presents real information adds to the success of this attack. The message looks credible and as a result more people click on the link provided below.

However, a closer analysis revealed that the email is actually sent from a spammed email address info@hi5.com. When clicking on the link claiming to include an exclusive CNN video, users are actually redirected to a malicious website ending in "/openbb/avatars/imagen/CNN/indexx.php". This page contains just two things - a message in the black background and a threat, identified as HTML_DLOADR.ARM.

The message in the black background informs users that their Flash Players cannot display the video. And without a doubt they are advised to download and install a file called flash-installer-windows.exe which should be an appropriate version of the Flash Player. However, the truth is that this file contains nothing more than malware, detected as BKDR_IRCBOT.BW (also known as Backdoor.W32/IRCBot.BW).

BKDR_IRCBOT.BW, affecting Windows 98, ME, NT, 2000, XP, and Server 2003, then connects to a certain IRC (Internet Relay Chat) server and joins an IRC channel called #cholitos. It then receives commands from a remote user that are executed on the affected computer. As a result, the computer is at risk of being further compromised and used for malicious activities.

Users can only be advised to be vigilant and immediately delete received messages claiming to include photos or videos not only with Michael Jackson, but also other celebrities. Don't open attachments from unsolicited emails, only download information from trusted sites and keep your anti-virus software and anti-spam filters up-to-date. That's what you should do in order to avoid spam malware attacks.

(PC1news)