A Botnet Targeting Employees Who Want to Change Jobs Is Infecting over a Thousand People Every Day

2014-11-11

Recently, the Baidu Antivirus Security Center has received feedback from users concerning a malicious program that is spreading quickly through new job offer emails. This malicious program is a variant of the Androm botnet. This botnet not only hijacks users' computers for DDoS attacks, but can also intercept user account information saved on FTP clients and well-known browsers like Chrome. Even more frightening, it can download any file to a user's computer and run it. This is a major threat to users' computers.

Based on statistics collected by the Baidu Antivirus Security Center, about 1,300 Androm attacks are intercepted each day. The interception information shows that this Androm variant is primarily spread through phishing emails. These emails mostly have the subject line "My New Photo" or "New Offer Job" and carry attachments such as "New Bank Payment", "photo_my_new_iphone", or "job.pdf". The Baidu Antivirus Security Center also discovered that Androm is able to enter users' computers through software downloads. As shown in the image below, Androm variants infiltrate computers disguised as Adobe Flash Player, a WinRAR crack, Win8 activation, or other programs.

Analysis by Baidu Antivirus security experts has found that this botnet can use a module to launch DDoS attacks on specified target addresses. The module supports the following types of DDoS attacks:

At the same time, it can sniff account information saved in the following types of FTP clients and browsers:

The Androm backdoor Trojan disguises itself to trick users into downloading it. It uses a variety of measures to prevent security software from blocking it and analysts from analyzing it. After infection, it poses a serious risk as it can remotely control computers and steal account information. We would like to remind all users to update the virus definition databases of their antivirus software promptly. Currently, Baidu Antivirus users can enable all security defenses to intercept this backdoor attack. Baidu Antivirus security experts also recommend that users regularly use security software to check their computers and completely remove any potential threats.