There has been a recent resurgence of attacks involving malware related to the infamous Andromeda botnet. The backdoor Trojan that powers this botnet, BKDR_ANDROM.DA, is now in version 2.6 and has been spotted in several attacks in countries such as Germany and Turkey. BKDR_ANDROM.DA is distributed through spam email messages sent from computers already infected with BKDR_ANDROM.DA. These spam messages contain malicious embedded links or attached files that direct the recipient to attack websites, which use the Black Hole Exploit Kit (or similar hacking tools) to infect the victim's computer with BKDR_ANDROM.DA. To prevent a BKDR_ANDROM.DA infection, ESG security researchers counsel PC users to refrain from opening unsolicited email attachments or links and to use a reliable, fully updated anti-malware program to protect their computer.
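The distribution vector described above, unsolicited mail carrying an executable attachment or a link whose visible text does not match its real destination, is exactly what a mail-gateway triage rule looks for. The following is an added example written for this page, not code from ESG or from any Andromeda analysis: it parses a constructed sample message, flags attachments with executable extensions (including double extensions such as `Invoice.pdf.exe`) and flags HTML anchors whose displayed host differs from the `href` host. The extension list, the sample addresses and the `198.51.100.7` address are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlparse

# Constructed list of attachment extensions that are rarely legitimate in
# unsolicited mail; tune it to your own environment.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".vbs", ".jar"}

# Matches <a ... href="...">visible text</a>, capturing href and inner text.
ANCHOR_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>',
                       re.I | re.S)


def _host(s):
    """Return the lower-cased host of a URL or URL-looking text, else None."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s          # let urlparse handle bare 'www.example.test'
    host = urlparse(s).hostname
    if host and "." in host and " " not in host:
        return host.lower()
    return None                    # plain words like 'Click here' are not hosts


def suspicious_attachments(msg):
    """Flag attachments whose filename ends in an executable extension."""
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue
        # endswith() on the full name also catches 'Invoice.pdf.exe'
        if any(fname.lower().endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
            findings.append(f"executable attachment: {fname}")
    return findings


def mismatched_links(html):
    """Flag anchors whose visible text names one host but link to another."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()   # drop nested tags
        shown, actual = _host(text), _host(href)
        if shown and actual and shown != actual:
            findings.append(f"link text {text!r} points to {href!r}")
    return findings


def triage(raw_message):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw_message)
    findings = suspicious_attachments(msg)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            findings.extend(mismatched_links(payload.decode(charset, "replace")))
    return findings


def build_sample():
    """Constructed sample: a fake invoice mail with both red flags."""
    m = EmailMessage()
    m["From"] = "billing@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Your invoice"
    m.set_content("Please see the attached invoice.")
    m.add_alternative(
        '<p>View it online: <a href="http://198.51.100.7/dl">'
        'www.bank.example.test</a></p>', subtype="html")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="Invoice.pdf.exe")
    return m.as_string()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Both checks are deliberately conservative: a bare IP address in the `href` is reported only because the visible text claims a different host, so ordinary mail with plain `Click here` anchors produces no finding.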
Malicious Tasks that BKDR_ANDROM.DA Can Carry Out
Once a computer is infected with BKDR_ANDROM.DA, this dangerous Trojan can carry out a wide variety of tasks. These range from installing other malware (such as a nearly-impossible-to-remove rootkit or a banking Trojan such as the Zeus Trojan) to stealing information directly or harassing the victim by displaying messages and taking control of the infected computer. The versatility of the BKDR_ANDROM.DA Trojan comes from its modular design. Criminals who purchase this malware in order to carry out their attacks pay $500 USD for the main program. They can then customize it with extra modules that add different functionality depending on the needs of the criminals carrying out the attacks.
Apart from spreading through spam email messages, ESG security researchers have also noticed that BKDR_ANDROM.DA can spread through removable drives using tactics more commonly associated with computer worms. However, BKDR_ANDROM.DA uses an infection technique in which it does not copy its main executable to the target but instead injects itself into already running processes in memory, making it significantly more difficult for anti-malware software to detect and stop BKDR_ANDROM.DA's attack. BKDR_ANDROM.DA's modular design has allowed criminals to create a botnet with endless possibilities. BKDR_ANDROM.DA is designed to protect itself, bypass many trusted anti-malware applications and attack various versions of the Windows operating system. More importantly, BKDR_ANDROM.DA contains powerful statistics trackers that allow criminals to keep track of which computers are infected and the countries where these computers are located. BKDR_ANDROM.DA gathers other kinds of data that can then be used to engineer more powerful malware attacks that are more difficult to detect and remove than ever before.