Bicololo

By Domesticus in Trojans

Bicololo is a malware threat that targets Russian Internet users. Once Bicololo is executed on an affected computer system, it downloads and runs component files, such as batch (.bat) and script (.vbs) files, and then modifies the HOSTS file. This modification silently reroutes unaware PC users to potentially malicious or phishing websites when they visit popular Russian social networking websites such as Odnoklassniki, VK and Mail.ru. Computer users may encounter Bicololo by accessing compromised websites, usually powered by WordPress or Joomla, or by landing on 404 error pages of hacked websites that are presented as download links on YouTube, social websites and forums. A newly modified Bicololo variant comes in the form of a dubious advertisement for VIPRE Antivirus software found on an equally dubious Russian Android app website. Once the advertisement is clicked, computer users are diverted to kyzia(dot)ru. This domain may have been set up for the sole purpose of spreading malware. It pretends to be a download page for software, movies, games and music, all of which are actually copies of this single Bicololo variant. The cybercriminals decorated every page with fake 'Verified Page' seals from well-known security companies in an effort to make the site look legitimate. If the user clicks the big red button at the bottom of a page, a ZIP-compressed file containing an executable and a text file is downloaded.
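As an added defensive example (not taken from the original page), the following Python script checks a HOSTS file for the hijack described above: entries that map the named Russian social networking sites to a non-loopback address. The sample HOSTS contents are constructed for this example, and ok.ru is assumed as Odnoklassniki's short domain.

```python
import ipaddress

# Domains the page says Bicololo redirects via the HOSTS file.
# ok.ru is an assumption (Odnoklassniki's short domain), not named on the page.
WATCHED_DOMAINS = {"odnoklassniki.ru", "ok.ru", "vk.com", "mail.ru"}

def is_loopback_or_unspecified(ip_text):
    """True for 127.x / ::1 / 0.0.0.0 entries, which are benign (local sinkholes)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def watched(hostname):
    """Match the hostname itself or any subdomain of a watched domain."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_hijacked_entries(hosts_text):
    """Return (line_no, ip, hostname) for watched domains mapped to a remote IP."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip_text, hostnames = parts[0], parts[1:]
        if is_loopback_or_unspecified(ip_text):
            continue
        for hostname in hostnames:          # one IP may carry several hostnames
            if watched(hostname):
                findings.append((line_no, ip_text, hostname.lower()))
    return findings

# Constructed sample HOSTS file; 192.0.2.x are documentation addresses, not real IoCs.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# lines appended by the infection (constructed for this example)
192.0.2.10      vk.com www.vk.com
192.0.2.10      odnoklassniki.ru
192.0.2.11      mail.ru
0.0.0.0         ads.example.com
"""

if __name__ == "__main__":
    for line_no, ip, host in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On a live system, point the function at the contents of %SystemRoot%\System32\drivers\etc\hosts; a hit for any of these domains against a public address is a strong sign of the redirection this family performs.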

File System Details

Bicololo may create the following file(s):
#   File Name    Detections
1.  _vipre.exe
2.  readme.txt
