Reports are coming in that a new backdoor-type virus, 'MSIL/Bladabindi', is spreading through USB drives. A backdoor can give an attacker remote access to a system. Bladabindi can steal sensitive personal information from your Windows computer and send it to the remote attacker. The malware copies itself onto removable drives and creates a shortcut with the drive name; when the shortcut is clicked, the malware is executed. It is configured so that it can steal stored passwords from almost all the web browsers currently in use. A remote attacker can issue commands to capture screenshots, compress and upload data, download and run files, and update itself. The virus uses code obfuscators to hide its code.
Proposed countermeasures:
** Disable autorun functionality in the OS
** Use scanned USB drives
** Keep patches up to date
** Avoid untrusted downloads
** Enable a firewall to block remote access
Reference: CERT-In
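The shortcut named after the drive, as described above, is something a defender can look for on a mounted removable drive before opening anything on it. The Python below is an added example, not code from CERT-In or from the original post; the function names and the sample drive label are hypothetical, and the caller is assumed to supply the drive's root path and volume label.

```python
import os
import tempfile

# Fixed 20-byte start of every Windows shell link (.lnk): HeaderSize 0x4C + LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def is_shell_link(path):
    """True if the file starts with the shell-link header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def find_drive_name_shortcuts(root, volume_label):
    """Return root-level shortcuts whose name equals the drive's volume label."""
    wanted = volume_label.strip().casefold()
    if not wanted:          # unlabeled drive: nothing to compare against
        return []
    hits = []
    for entry in os.scandir(root):
        if not entry.is_file(follow_symlinks=False):
            continue
        stem, ext = os.path.splitext(entry.name)
        named_like_drive = stem.strip().casefold() == wanted
        if named_like_drive and (ext.lower() == ".lnk" or is_shell_link(entry.path)):
            hits.append(entry.name)
    return sorted(hits)

def demo():
    """Build a constructed drive layout in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "KINGSTON.lnk": LNK_MAGIC + b"\x00" * 56,  # constructed: shortcut named after the drive
            "notes.lnk": LNK_MAGIC + b"\x00" * 56,     # constructed: ordinary shortcut
            "KINGSTON.txt": b"readme",                 # constructed: same name, not a shortcut
        }
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_drive_name_shortcuts(root, "Kingston")

if __name__ == "__main__":
    print(demo())
```

A hit is only a reason to inspect the drive with an up-to-date scanner; a user can also create a shortcut with that name legitimately.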