Backdoor:Win32/Blohi.B

Backdoor:Win32/Blohi.B Description

Type: Backdoors

Backdoor:Win32/Blohi.B is a malware infection that criminals are using to cheat in card games hosted on Korean gaming websites, and to steal information and money from the players of those games. It is one component of a multi-component attack that involves three different kinds of spyware, all aimed at users of a Korean card game program. Backdoor:Win32/Blohi.B steals sensitive data from the infected computer, potentially giving criminals access to the victim's bank accounts, online social media and email accounts, and credit card information. It can also let the person controlling it gain an unfair advantage in the affected games.

Computer users participating in the affected games are being targeted by three different malware infections. Backdoor:Win32/Blohi.B itself is a typical spy Trojan: it monitors the victim's online activity and lets criminals observe the infected computer's screen, keystrokes and files. These attacks are also used to obtain the personal identification numbers and credit card information that players use to register and take part in the games (which involve real-world money for gambling). The gaming applications targeted by Backdoor:Win32/Blohi.B and its related components include the following:

  1. LASPOKER.EXE
  2. highlow2.exe
  3. baduki.exe
  4. duelpoker.exe
  5. HOOLA3.exe
  6. poker7.exe
  7. FRN.exe

The three malware infections associated with this attack are Urelas, Gupboot, and Blohi (Backdoor:Win32/Blohi.B). These are essentially a spy Trojan, a bootkit, and a backdoor Trojan with a keylogger, respectively.

Backdoor:Win32/Blohi.B makes its way onto a computer through a social engineering strategy: it is disguised as a legitimate gaming application. The malware is packaged with NSIS (Nullsoft Scriptable Install System) installers so that it looks like a legitimate game installer. Once running, Backdoor:Win32/Blohi.B tries to connect to a Korean search engine to confirm that the infected computer has Internet access. After that check succeeds, it starts interfering with running processes, taking screenshots of the infected computer and logging every key pressed on the victim's keyboard. Backdoor:Win32/Blohi.B can also display a fake Blue Screen of Death. This fake Windows error screen may be used to trick computer users into restarting their computer, allowing additional malware to be installed without their being aware of it.

Technical Information

File System Details

Backdoor:Win32/Blohi.B creates the following file(s):
#   File Name                                 MD5                               Detection Count
1   sdfsdf.exe                                16ff3d13debbf82a27463c1eac15c61a  0
2   Server.exe                                ac1252cb0a80bfdf1e502599e7b68e24  0
3   C__Documents and Settings_차상현_Local S   336a057dbc314f886c02aa9b0cd3ecea  0
4   Server(1).exe                             7e5e2c6dc85a78be00071bf2ea816809  0
5   Project.dat                               3fe5d8db697c9c2e123b830f36224816  0
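The table above gives the only concrete indicators on this page: the dropped file names and their MD5 hashes. The following Python script is an added example, not code from the original article or from any vendor, showing how a defender would sweep a directory tree for those indicators. It hashes every file in chunks, matches on the page's MD5 values and, as a weaker secondary signal, on the dropped-file names (Server.exe is a common name, so name matches are reported separately for an analyst to weigh). The run_demo() function builds a constructed directory with constructed contents and extends the hash set with the MD5 of one constructed file so the hash path can be exercised offline; the page's real samples are not included, and MD5 is used only because that is the hash the page lists.

```python
import hashlib
import os
import tempfile

# MD5 hashes and file names taken from the page's "File System Details" table.
# The third entry's name is truncated on the page, so only its hash is used here.
BLOHI_MD5_IOCS = {
    "16ff3d13debbf82a27463c1eac15c61a": "sdfsdf.exe",
    "ac1252cb0a80bfdf1e502599e7b68e24": "Server.exe",
    "336a057dbc314f886c02aa9b0cd3ecea": "(file name truncated on page)",
    "7e5e2c6dc85a78be00071bf2ea816809": "Server(1).exe",
    "3fe5d8db697c9c2e123b830f36224816": "Project.dat",
}
# Lower-cased dropped-file names from the same table (weak signal on their own).
BLOHI_FILENAME_IOCS = {"sdfsdf.exe", "server.exe", "server(1).exe", "project.dat"}


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, hash_iocs=BLOHI_MD5_IOCS, name_iocs=BLOHI_FILENAME_IOCS):
    """Walk `root` and report files whose MD5 or lower-cased name matches an IoC.

    Returns a list of dicts {"path", "md5", "reasons"}, sorted by path. Hash and
    name matches are listed as separate reasons because a name match alone is a
    much weaker indicator than a hash match.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip rather than abort the sweep
            reasons = []
            if digest in hash_iocs:
                reasons.append("md5 matches IoC for " + hash_iocs[digest])
            if name.lower() in name_iocs:
                reasons.append("file name matches a dropped-file name")
            if reasons:
                findings.append({"path": path, "md5": digest, "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


def run_demo():
    """Build a constructed directory tree, scan it, and return the findings.

    The hash IoC set is extended with the MD5 of a constructed file so that the
    hash-match path is exercised; none of the page's real samples are present.
    """
    root = tempfile.mkdtemp(prefix="blohi_demo_")
    os.makedirs(os.path.join(root, "sub"))
    constructed_payload = b"constructed sample content, not real malware\n"
    files = {
        "Server.exe": b"constructed: name matches the table, hash does not\n",
        os.path.join("sub", "dropped.bin"): constructed_payload,
        "readme.txt": b"benign constructed file\n",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    hash_iocs = dict(BLOHI_MD5_IOCS)
    hash_iocs[hashlib.md5(constructed_payload).hexdigest()] = "constructed sample"
    return scan_directory(root, hash_iocs=hash_iocs)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding["path"], finding["md5"], "; ".join(finding["reasons"]))
```

Point scan_directory() at a user profile or temp directory to sweep a real host; the demo reports two findings (a name-only hit on Server.exe and a hash hit on the constructed file) and ignores readme.txt.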

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.