Mal/Generic-L

Mal/Generic-L is a generic name for a backdoor Trojan making its way across cyberspace. A Trojan is a malicious program that cybercriminals build to carry out programming script that steals data and opens a port to allow a hacker remote access.

Cybercriminals exploit software or hardware vulnerabilities and rely heavily on human hands to blindly click and download malicious programs. Trojans hide behind decoys, for instance some fake Adobe Flash update, a special codec needed to view a movie or an infectious link crafted in email spam.

Malware attacks are not limited to personal computers, but a jackpot would be planting and growing a virus inside a large company to target or reach a larger audience. Mal/Generic-L was recently spotted in an email spam campaign targeting trusting employees.

Subject: IT Notice
Message body:
Dear all,
Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is moving, a few files deleted. Expert written virus removal tools to help us fully remove this virus, Please download and install the patch, obtain virus definitions, and run the removal tool. Download the tool from: [LINK]. Please Back Up Your System Databases, If any questions, please do not hesistate to contact IT department.

Because the email appeared to be personalized, in other words it was sent from an internal email account (most likely spoofed), and the link reflected the company's own URL. Many employees may have been fooled into clicking and downloading the virus that was hidden behind the fake link. Victims who clicked it where redirected to a third-party website housing Mal/Generic-L and co-conspirator Troj/Inject-QL, another virus and malicious program, so they could download the 'fix', which of course was the actual infection.

A few telltale signs of a poisonous email, IM message or alert that leads to the download of an infection are:

• Poorly written content or text, i.e. poor grammar, spelling or sentence construction.
• Emails, IM chat messages, Facebook posts, etc., requiring you 'click' on some salacious or innocent- looking link. Before you click, verify the source and, if necessary, enter the official URL in the browser yourself and visit the official website to see if the alert, notice or invite is true.
• A URL in the body of a web page doesn't match the URL in the browser. For instance, if you somehow are presented a fake Youtube or Facebook page and are wondering if it is real, go to the official website and see if the same alert or message is rendered.

All malware carries a single or multiple payloads. At a minimum, Mal/Generic-L in Mal/Generic-L's role as a backdoor Trojan intends to help give a hacker unbridled access and control of your PC.

Once a hacker has administrative control, he can use the infected system to distribute a DNS attack or launch another mass email spam campaign to garner more victims.

If in a corporate environment, hopefully you already know to 'verify' all emails before opening it, especially those of an IT nature. Cybercrooks study social engineering and figure many PC users assume if the 'trap' message asks to double-check, many will not do it and just assume it legitimate. If somehow you clicked too soon, you need to notify your 'real' IT department immediately, so they can quarantine and eradicate the problem.

If the virus is on your personal computer, you should disconnect your Internet to shutdown any communications with a remote server and a hacker. Aggressive malware loves to hide deep in a system's kernel, BIOS or MBR and may be using rootkit technology to mask its file names. If you are not highly skilled in editing these types of files, you should rely on an expert tool known to contain an anti-rootkit component that can find all traces of Mal/Generic-L and safely remove it.

SpyHunter Detects & Remove Mal/Generic-L