Backdoor:Win32/Blohi.B Description
Type: Backdoors
Backdoor:Win32/Blohi.B is a malware infection that criminals use to cheat in card games hosted on Korean gaming websites. It is also used to steal information and money from computer users participating in the affected games. Backdoor:Win32/Blohi.B is part of a multi-component malware attack involving three different kinds of spyware infections, which are being used to infect players of a Korean card game program. Backdoor:Win32/Blohi.B steals sensitive data from the infected computer, potentially allowing criminals to gain access to the victim's bank accounts, social media and email accounts, and credit card information. It can also allow people to cheat in the affected games by giving the person controlling Backdoor:Win32/Blohi.B an unfair advantage.
Computer users participating in the affected game are being targeted by three different malware infections. Backdoor:Win32/Blohi.B itself is a typical spy Trojan, monitoring the victim's online activity and allowing criminals to spy on the infected computer's screen, keystrokes and files. These malware attacks are also being used to gain access to the personal identification numbers and credit card information that are used to register for and participate in these games (which use real-world money for gambling). The gaming applications affected by Backdoor:Win32/Blohi.B and its related threats include the following:
The three malware infections associated with this attack are Urelas, Gupboot, and Blohi (Backdoor:Win32/Blohi.B). These are essentially a spy Trojan, a bootkit and a backdoor Trojan and keylogger.
Backdoor:Win32/Blohi.B makes its way into a computer through a social engineering strategy that disguises it as a legitimate gaming application. It uses NSIS (Nullsoft Scriptable Install System) installers to make it look as if it is a legitimate gaming application. Backdoor:Win32/Blohi.B tries to establish a connection with a Korean search engine to make sure that the infected computer is connected to the Internet. Once this occurs, Backdoor:Win32/Blohi.B starts interfering with running file processes, taking screenshots of the infected computer and monitoring all keys pressed on the victim's keyboard. Backdoor:Win32/Blohi.B can also display a fake Blue Screen of Death. This fake Windows error screen may be used to trick computer users into restarting their computer, so that additional malware can be installed on it without their being aware.
File System Details
| # | File Name | MD5 | Detection Count |
| 3 | C__Documents and Settings_차상현_Local S | 336a057dbc314f886c02aa9b0cd3ecea | 0 + |