
CERT-In Alert: ‘Bladabindi’ virus targets Windows OS in India, steals personal info

mmadhankumar

This Too Shall Pass
Staff member
Administrator
Joined
6 May 2012
Messages
4,591
Solutions
1
Reaction score
7,180


Cyber security sleuths have alerted Indian Internet users against hacking attempts of a clandestine multi-identity virus – Bladabindi – which steals sensitive personal information of a user for nefarious purposes.

The virus, the Computer Emergency Response Team-India (CERT-In) said, could infect “Microsoft Windows operating system” and it spreads through removable USB flash drives, popularly known as pen drives and data cards, including other malware.

CERT-In is the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain. “It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.

“Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker. Bladabindi is infecting Microsoft Windows operating system and spreading via infecting removable USB flash drives and via other malwares,” the latest advisory by the agency said.

The threat potential of the malware or the virus can be gauged from the fact that it can acquire as many as 12 aliases to conceal its real identity and later affect a computer system or personal information of a user.

“Bladabindi variants can be created using a publicly available malicious hacker tool. Attacker can create a malicious file using any choice of icon to mislead or entice naive user into running the malicious file,” the advisory said.

The virus possesses a unique ability to acquire a safe network domain id in order to falsely add itself to the firewall exclusion list and bypass a user’s firewall mechanism.

A typical ‘Bladabindi’ variant propagates by copying itself into the root folder of a removable drive and creating a shortcut file with the name and folder icon of the drive. When the user clicks on the shortcut, the malware gets executed and Windows Explorer is opened, which makes it seem as if nothing malicious happened.

A potential attack by the virus could result in the loss of important proprietary data of a user like “computer name, country and serial number, Windows user name, computer’s operating system version, Chrome stored passwords, Firefox stored passwords,” the agency said in the advisory.

“The malware can also use infected computer’s camera to record and steal personal information. It checks for camera drivers and installs a DLL plugin so it can record and upload the video to a remote attacker. The malware can also log or capture keystrokes to steal credentials like user names and passwords,” the CERT-In cautioned users.

The agency has also suggested some countermeasures against ‘Bladabindi’.

“Scan computer system with the free removal tools, disable the autorun functionality in Windows, use USB clean or vaccination software, keep up-to-date patches and fixes on the operating system and application software, deploy up-to-date anti-virus and anti-spyware signatures at desktop and gateway level,” the agency suggested.


It also recommended that users not follow unsolicited web links or attachments in email messages, not visit un-trusted websites, use strong passwords and also enable password policies, enable firewall at desktop and gateway level, guard against social engineering attacks and limit user privileges.


CERT-In alert: 'Bladabindi' virus targets Windows users in India, steals personal info - Tech2
 

superdudebuddy

Elite
Member
Joined
7 Jan 2014
Messages
857
Reaction score
321
Bladabindi Malware Affecting Windows Computers In India

Bladabindi Malware Affecting Windows Computers In India - CERT-In Warns

A new malware that goes by the name 'Bladabindi' has been found to have hit hundreds of computers in India and the Government of India's CERT-In or Computer Emergency Response Team has started warning Indian computer users to beware of it. The Bladabindi virus is capable of stealing sensitive personal information from the victim's computer and sending it to a malicious hacker sitting anywhere across the world. The malware can give backdoor access to your PC in the hands of the hacker. After infecting a single machine, the Bladabindi virus can spread through USB flash drive (pen drives, hard disks) and other removable drives. The computers can also catch on the malware by accidentally downloading other malicious software from malicious links and hacked websites.

The many variants of Bladabindi virus are also capable of capturing the computer's web camera, controlling the keyboard press, stealing passwords stored in internet browsers such as Mozilla Firefox, Google Chrome or Opera and storing DynDNS and No-IP/DUC information too. In fact, the CERT-In team has found 13 different versions of the new virus, that can harm your machine and steal the data residing in it. Following are some of the sample file icons used by Bladabindi till date -

[Image: sample file icons used by Bladabindi]


If users run any of the files mentioned above or others similar to it, the Bladabindi malware will copy itself to one of the locations on your machine with a variable name. For example %TEMP%\svhost.exe or %TEMP% or %APPDATA% or %USERPROFILE%. It could also change certain specific registry entries so that it runs each time you start your PC. Moreover, the trojan can connect to remote servers to download and install updates or other malware. The Microsoft team has found it connecting to - fox2012.no-ip.org, jn.redirectme.net, moudidz.no-ip.org and reemo.no-ip.biz.


Read More
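
An added example, not part of the original post or of CERT-In's advisory: a Python triage of autorun (Run key) values for the two traits described above, an executable sitting directly in %TEMP%, %APPDATA% or %USERPROFILE%, and a file name one character away from a Windows system binary, as with svhost.exe. The environment values and Run entries are constructed sample data, and the short list of system binary names is an illustrative assumption.

```python
import ntpath
import re

DROP_VARS = ("TEMP", "APPDATA", "USERPROFILE")   # drop folders named in the post
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "lsass.exe")  # illustrative list

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_path(command, env):
    """Expand %VAR% references and return the executable part of a Run value."""
    command = re.sub(r"%([^%]+)%",
                     lambda m: env.get(m.group(1).upper(), m.group(0)), command).strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(entries, env):
    """Map Run value name -> list of reasons it deserves a closer look."""
    drop_dirs = {ntpath.normcase(ntpath.normpath(env[v])): v for v in DROP_VARS if v in env}
    findings = {}
    for name, command in entries.items():
        path = ntpath.normcase(ntpath.normpath(exe_path(command, env)))
        folder, image = ntpath.split(path)
        reasons = []
        if folder in drop_dirs:    # file sits directly in a drop folder
            reasons.append("runs from %" + drop_dirs[folder] + "%")
        for real in SYSTEM_NAMES:  # one edit away from a system binary name
            if edit_distance(image, real) == 1:
                reasons.append("name imitates " + real)
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample data, not taken from a real machine.
ENV = {"WINDIR": r"C:\Windows", "USERPROFILE": r"C:\Users\asha",
       "APPDATA": r"C:\Users\asha\AppData\Roaming",
       "TEMP": r"C:\Users\asha\AppData\Local\Temp"}
RUN_VALUES = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "OneDrive": r'"C:\Users\asha\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "a1b2c3d4": r"%TEMP%\svhost.exe",
    "Updater": r"C:\Users\asha\AppData\Roaming\wupd.exe",
}
```

Because the post says the dropped file name varies, the location check is the more durable of the two signals; a hit is a lead for review, not a verdict.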
 

Sarkar

Guru
Member
Joined
1 Jun 2013
Messages
11,003
Reaction score
11,364
RE: Bladabindi Malware Affecting Windows Computers In India

So that's why Bitdefender gave free license to all. Well done Bitdefender :luv
 

superdudebuddy

RE: Bladabindi Malware Affecting Windows Computers In India

@Sarkar Bro, are you using Bitdefender?
 

Sarkar

RE: Bladabindi Malware Affecting Windows Computers In India

No, I have Kaspersky currently, with 6 months left.
 

superdudebuddy

RE: Bladabindi Malware Affecting Windows Computers In India

Okay bro, just to know that Bitdefender is good or crap.
 

Sarkar

RE: Bladabindi Malware Affecting Windows Computers In India

superdudebuddy said:
okay bro just to know that Bitdefender is good or crap .
Good or bad is very easy to determine. Just three steps

Step 1
Visit these two sites
1. AV-Comparatives Independent Tests of Anti-Virus Software » AV-Comparatives
2. AV-TEST | Home | Comparative tests of antivirus software for Windows and reviews of anti-malware Apps for Android

and determine which product is performing well in the different category tests

Step 2
Install the trial version of that product and check the performance on your system. If you face any problem, report it on their respective forum and see what they reply.

Step 3
Check how good their support is here and which is cheaper :k
 