ESG security analysts know that whenever a major worldwide event takes place, scammers take advantage of it by launching spam email campaigns. Sporting events, such as the Olympic Games and soccer cups, are among the most commonly abused. The TROJ_DLOADR.BGV Trojan downloader has been linked to a malicious online scam that exploits the popularity of the UEFA European Championship 2012, also known as the Euro Cup. This soccer competition is followed worldwide and has spawned a number of online scams.
TROJ_DLOADR.BGV is Distributed Through a Bogus Version of the Euro Cup Website
There is a website using a ‘Euro2012.com’ domain to scam computer users. Remember that the official UEFA website for the European Championship 2012 is http://www.uefa.com/uefaeuro, and that other websites claiming to be official may be part of online scams. This malicious website mimics the real UEFA page so that visitors believe they are on the genuine site. However, it hosts various malicious scripts that deliver a fake anti-virus Trojan detected as TROJ_FAKEAV.HUU and the TROJ_DLOADR.BGV Trojan downloader, which in turn installs a Trojan.Zbot variant on the compromised computer.
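The check below is an added example, not code from the original article, from ESG or from UEFA. It shows how a mail gateway or link scanner can decide whether a link really leads to the official UEFA site rather than a look-alike such as the Euro2012.com domain described above, and why that decision must be based on the host the browser would actually connect to, not on whether the familiar name appears somewhere in the URL. The only fact taken from the article is the official address http://www.uefa.com/uefaeuro; every other URL in the block is a constructed test input, and the function names are this example's own.

```python
"""Added example (not from the original article, ESG or UEFA): decide whether a
URL really leads to the official UEFA site. The only fact taken from the article
is the official address http://www.uefa.com/uefaeuro; all other URLs below are
constructed test inputs and the function names are this example's own."""
from typing import List, Optional
from urllib.parse import urlsplit

# Registrable domain the article names as official. Everything else, including
# names built from the tournament name (euro2012.com), is untrusted by default.
OFFICIAL_DOMAINS = {"uefa.com"}


def hostname_of(url: str) -> Optional[str]:
    """Return the lowercase host a browser would actually connect to, or None
    if the string is not an http(s) URL with a host.

    urlsplit().hostname already discards userinfo, so the classic phishing
    form 'http://www.uefa.com@evil.example/' resolves to evil.example.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    # Strip a trailing dot (absolute DNS name) so 'www.uefa.com.' still matches.
    return parts.hostname.rstrip(".").lower()


def is_official(url: str) -> bool:
    """True only for the official apex domain or a genuine subdomain of it.

    Matching on the exact name or on '.' + name is deliberate: a substring or
    startswith() test would accept 'uefa.com.evil.example' or 'uefa.com-2012.example'.
    """
    host = hostname_of(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def suspicious_links(urls: List[str]) -> List[str]:
    """Return the links from a message that do not lead to the official site
    (candidates for blocking or manual review)."""
    return [u for u in urls if not is_official(u)]


# Constructed sample links, as they might appear in a Euro Cup spam email.
SAMPLE_LINKS = [
    "http://www.uefa.com/uefaeuro",                  # the official address
    "https://WWW.UEFA.COM/uefaeuro/",                # same site, different case and scheme
    "http://euro2012.com/",                          # look-alike domain from the article
    "http://www.uefa.com.evil.example/uefaeuro",     # official name as a subdomain of an attacker host
    "http://www.uefa.com@evil.example/uefaeuro",     # userinfo trick: the real host is evil.example
    "http://evil.example/?u=http://www.uefa.com/",   # official URL hidden in a query string
    "javascript:alert(1)",                           # not a web address at all
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{'official' if is_official(link) else 'SUSPECT '} {link}")
```

Only the first two sample links are accepted; the remaining five are flagged. The userinfo and subdomain cases are the ones a naive `"uefa.com" in url` test gets wrong, which is exactly how a convincing copy of the real page gets its victims to click.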
How the TROJ_DLOADR.BGV Trojan Attacks Your Computer
Like most downloader Trojans, TROJ_DLOADR.BGV is fairly straightforward in its attack. Once the victim visits the fake Euro Cup 2012 website, a malicious script forces the visitor's computer to run TROJ_DLOADR.BGV. The downloader then establishes a backdoor on the victim's system (a backdoor is an unauthorized opening in the infected computer's security). Through this backdoor, TROJ_DLOADR.BGV connects to remote servers without being detected by the victim's security software. It attempts to contact three different URLs in order to download a variant of the Zbot (also known as Zeus) family of Trojans onto the victim's computer. Zbot is a well-known malware family designed to steal online banking information, such as credit card and account numbers. The downloaded variant, detected as TSPY_ZBOT.JMO, also tries to join the infected computer to a very large botnet used to send spam email and carry out DDoS attacks.
How Can You Detect TROJ_DLOADR.BGV?