Beebus
Threat Scorecard
Ranking: 2,763
Threat Level: 10% (Normal)
Infected Computers: 2,920
First Seen: February 8, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows
Beebus is a dangerous malware infection that targets businesses in two crucial, high-security sectors: defense and aerospace. ESG security researchers suspect that attacks involving Beebus originate in China, meaning that Beebus may, in fact, be part of a state-sponsored malware campaign. This would not be the first time malware has been used in espionage and conflicts between states. In fact, some of the most dangerous malware infections in recent years, Flame and Stuxnet, are thought to have been designed by the United States and Israel in order to attack high-profile targets in the Middle East.
How Beebus Infects Its Targets
Beebus uses a social engineering technique that has been gaining prominence due to its reliability and its ability to focus on a specific target. Criminals use email messages specifically tailored to a target's characteristics in order to trick employees in the targeted company into opening a malicious email attachment. These attachments are often in DOC or PDF format, two formats that are commonly used for innocuous email attachments and that are not normally associated with malware, either by mainstream users or by anti-malware scanners. However, there are vulnerabilities in Microsoft Office and Adobe Reader that allow criminals to use PDF or DOC files to execute malicious code on the victim's computer. Beebus is disseminated via 'drive-by downloads', a technique in which a malicious script is inserted into a normally harmless website so that it directs visitors to an attack website in the background.
Using a known vulnerability in Windows, the malicious PDF or DOC file causes an executable file to run, which in turn drops a malicious DLL file into the victim's system folder. This DLL file is named ntshrui.DLL, and it ensures that Beebus remains on the victim's computer and starts automatically when Windows starts up. Once installed, Beebus connects to a remote server. It collects data and sends it, encrypted (in order to prevent interception by PC security researchers), to its command and control server. Beebus then receives instructions from the remote location. Beebus can carry out various malicious tasks: it can be used to spy on the victim's computer and to download and install additional malware, which makes this malware infection highly customizable. It is advisable for computer users related to the defense and aerospace industry to take steps to protect their computers from intrusion by this malware threat.
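The dropped DLL name gives defenders something concrete to hunt for. The following is an added example, not code from EnigmaSoft or from the original page: it triages a file inventory for copies of ntshrui.dll that sit outside the directories where the genuine Windows file is assumed to live, or whose signature does not check out. The CSV layout, the host names, the expected directories and the trusted signer name are assumptions, and the sample rows are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

TARGET = "ntshrui.dll"  # DLL name given on this page
# Assumption: directories that hold the genuine Windows copy of the file.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TRUSTED_SIGNER = "microsoft windows"  # assumption: signer of the genuine file

# Constructed sample inventory (hypothetical export format, not real data).
SAMPLE = r"""host,path,signer,status
ws01,C:\Windows\System32\ntshrui.dll,Microsoft Windows,Valid
ws01,C:\Windows\SysWOW64\NTSHRUI.DLL,Microsoft Windows,Valid
ws01,C:\Windows\System32\en-US\ntshrui.dll.mui,Microsoft Windows,Valid
ws02,C:\Windows\ntshrui.dll,,NotSigned
ws03,C:\Windows\System32\ntshrui.dll,Microsoft Windows,HashMismatch
ws04,C:\Users\alice\AppData\Local\Temp\ntshrui.dll,Example Corp,Valid
"""


def triage(inventory_csv):
    """Return (host, path, reasons) for every suspicious copy of TARGET."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        path = PureWindowsPath(row["path"].strip())
        if path.name.lower() != TARGET:  # Windows file names ignore case
            continue
        reasons = []
        if str(path.parent).lower() not in EXPECTED_DIRS:
            reasons.append("unexpected location")
        status = row["status"].strip()
        signer = row["signer"].strip()
        if status.lower() != "valid":
            # A copy in the right directory can still have been replaced.
            reasons.append("signature " + status)
        elif signer.lower() != TRUSTED_SIGNER:
            reasons.append("unexpected signer " + signer)
        if reasons:
            findings.append((row["host"], str(path), reasons))
    return findings


if __name__ == "__main__":
    for host, path, reasons in triage(SAMPLE):
        print(f"{host}: {path}: {', '.join(reasons)}")
```
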
URLs
Beebus may call the following URLs:
hloginassistant.co