Cybercriminals are leveraging the incident involving the Malaysian Airlines MH370 flight to distribute a piece of malware that enables them to open a backdoor on infected computers.
At this point, there is the possibility that we might never find out how the airplane disappeared. There are all sorts of theories, but none of the 25 countries involved in the search for the missing airplane have come up with any valuable information.
While the topic is still hot, cybercriminals and scammers are doing everything they can to leverage this incident to their advantage.
The first scam related to this topic emerged last week when Facebook posts advertising a video of MH370 being found in the Bermuda Triangle started making the rounds. At the time, scammers were simply trying to trick users into completing surveys and driving traffic to a bogus video website.
Now, researchers from Trend Micro have uncovered a file that’s advertised as being a five-minute clip about the flight. The file is called “Malaysian Airlines MH370 5m Video.exe” and experts believe it’s being distributed via email.
When it’s executed, a backdoor (BKDR_OTOPROXY.WR) is unleashed, enabling cybercriminals to execute commands on the infected device, retrieve system information, and download and execute additional malicious elements.
The command and control (C&C) server used in this attack was previously spotted back in October 2013 when it was being utilized in a targeted attack by sophisticated cybercriminals.
“It is unusual for a targeted attack to share the same infrastructure as a more ‘conventional’ cybercrime campaign, yet that appears to be the case here. We currently have no information that this particular backdoor is being used in targeted attacks,” Trend Micro’s Rika Joi Gregorio noted in a blog post.
Read more: http://news.softpedia.com/news/Fake...s-Flight-MH370-Hides-Malware-432839.shtml
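The lure described above is an executable whose file name promises a video. As an added example (not from the article or from Trend Micro), here is a mail-gateway style check that flags such attachments by extension, by media-themed name, and by the PE "MZ" magic in the decoded payload; the extension list, keyword list, addresses and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; tune to local policy.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MEDIA_WORDS = re.compile(r"\b(video|clip|movie|photo|footage)\b", re.I)

def inspect_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look like disguised executables."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXEC_EXT:
            reasons.append("executable extension " + ext)
            if MEDIA_WORDS.search(name):
                reasons.append("name advertises media content")
        # Windows PE files begin with the DOS magic "MZ", whatever the
        # file name or declared MIME type claims.
        if payload[:2] == b"MZ":
            reasons.append("PE header (MZ) in payload")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless bytes, only the two-byte MZ magic is real."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "MH370 video"
    msg.set_content("See attached clip.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream",
                       filename="Malaysian Airlines MH370 5m Video.exe")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="itinerary.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```

The magic-byte test still fires if the attachment is renamed to a non-executable extension, which the name checks alone would miss.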