BKDR_ANDROM.P Description
BKDR_ANDROM.P is a backdoor Trojan involved in a spam email campaign themed around hotel bookings. BKDR_ANDROM.P propagates via spam email messages and affects computer users in Germany and Austria. The bogus email purports to come from a Brenners Park-Hotel and Spa in Austria and uses the same theme as its English-language counterpart: it contains a confirmation and details of a supposed booking reservation. In fact, the Brenners Park-Hotel and Spa is in Baden-Baden, Germany, not in Austria. The spam email carries a malicious ZIP file attachment, which is detected as BKDR_ANDROM.P.

The email attachment is a variant of the Gamarue/Andromeda bot that contacts any of six C&C servers. A typical Andromeda bot is limited to six URLs. All of them are fast-flux URLs, and all of the servers are offline/inactive. Initial communication is established by sending an encrypted POST request to the server. BKDR_ANDROM.P can operate in both 32-bit and 64-bit Windows environments, from Windows XP to Windows 7. The environment, and with it the processes into which the file can be embedded, is established by calling the IsWow64Process API.
Type: Backdoors
How Can You Detect BKDR_ANDROM.P?
BKDR_ANDROM.P Removal Details
BKDR_ANDROM.P creates the following files in the system:
- %Windows%\SysWOW64\svchost.exe – 64-bit
- %System%\wuauclt.exe – 32-bit
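
Both paths listed above are also the names and locations of standard Windows binaries, so the presence of a file there says nothing on its own. The following triage script is an added example, not part of the original write-up or any vendor tool: it records the signature status, signer and SHA-256 of each path so that an unsigned or non-Microsoft file stands out. It assumes `%Windows%` maps to `$env:windir` and `%System%` to the `System32` directory, and that it runs in a 64-bit PowerShell 5.1 or later session, where catalog-signed system files are expected to report as validly signed; `Get-BinaryTriage` is a hypothetical helper name.

```powershell
# Added example: triage of the two paths named in the description.
# Assumption: %Windows% = $env:windir, %System% = $env:windir\System32.
$paths = @(
    (Join-Path $env:windir 'SysWOW64\svchost.exe'),   # listed for 64-bit systems
    (Join-Path $env:windir 'System32\wuauclt.exe')    # listed for 32-bit systems
)

function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Path)

    # A missing file is reported, not treated as an error.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Present = $false; Status = $null
            Signer = $null; SHA256 = $null; Modified = $null; Review = $false
        }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $item   = Get-Item -LiteralPath $Path

    # Flag anything that is not validly signed, or whose signer is not Microsoft.
    # A flagged file needs manual review; it is not proof of infection.
    $review = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path     = $Path
        Present  = $true
        Status   = $sig.Status
        Signer   = $signer
        SHA256   = $hash
        Modified = $item.LastWriteTimeUtc
        Review   = $review
    }
}

$paths | ForEach-Object { Get-BinaryTriage -Path $_ } | Format-List
```

Compare the recorded SHA-256 values against a known-good copy from the same Windows build before drawing conclusions from a `Review = True` result.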