SCF Advanced Search



  • Total Posts: 38464
  • Total Topics: 13015
  • Online Today: 1209
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)


Author Topic: Bogus Flash Player Dropping Malware (BKDR_IRCBOT.BW, HTML_DLOADR.ARM)  (Read 1780 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7527
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Want to see exclusive videos and photos of Michael Jackson? Then go to your inbox and you'll definitely find some of them there. All you need to do is simply click on the provided link or download an attachment. Quite easy, isn't it... except for the fact that all this is just a part of a hackers' attack aimed at spreading malware. This time, malware by the name of BKDR_IRCBOT.BW is being dropped by another malware called HTML_DLOADR.ARM.

All this malware comes with one (out of many) spam campaign, using the death of Michael Jackson as a lure to trick as many potential victims as possible. The message in this spam is written in Spanish. It is purportedly being sent from CNN Mexico and presents real and accurate information about Jackson's death. The fact that the message itself presents real information adds to the success of this attack. The message looks credible and as a result more people click on the link provided below.

However, a closer analysis revealed that the email is actually sent from a spammed email address When clicking on the link claiming to include an exclusive CNN video, users are actually redirected to a malicious website ending in "/openbb/avatars/imagen/CNN/indexx.php". This page contains just two things - a message in the black background and a threat, identified as HTML_DLOADR.ARM.

The message in the black background informs users that their Flash Players cannot display the video. And without a doubt they are advised to download and install a file called flash-installer-windows.exe which should be an appropriate version of the Flash Player. However, the truth is that this file contains nothing more than malware, detected as BKDR_IRCBOT.BW (also known as Backdoor.W32/IRCBot.BW).

BKDR_IRCBOT.BW, affecting Windows 98, ME, NT, 2000, XP, and Server 2003, then connects to a certain IRC (Internet Relay Chat) server and joins an IRC channel called #cholitos. It then receives commands from a remote user that are executed on the affected computer. As a result, the computer is at risk of being further compromised and used for malicious activities.

Users can only be advised to be vigilant and immediately delete received messages claiming to include photos or videos not only with Michael Jackson, but also other celebrities. Don't open attachments from unsolicited emails, only download information from trusted sites and keep your anti-virus software and anti-spam filters up-to-date. That's what you should do in order to avoid spam malware attacks.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising