
BKDR_ANDROM.NTW

By JubileeX in Backdoors

BKDR_ANDROM.NTW is installed on a computer through a scam that distributes a malicious JavaScript Trojan in the form of a fake Java 7 update. This social engineering scam is highly effective because zero-day vulnerabilities in the latest version of Java have received a lot of attention in the news. This has led many computer users to seek out and download updates for their computer and Java Runtime Environment. Unfortunately, criminals have taken advantage of this development by carrying out numerous social engineering scams that involve fake updates for Java in the form of malicious JAR files. This, in turn, results in the installation of BKDR_ANDROM.NTW on the victim's computer. BKDR_ANDROM.NTW is a backdoor Trojan that allows the installation of the Andromeda bot on the victim's computer. This allows criminals to take over the infected computer and use it as part of the infamous Andromeda botnet.

Once installed, BKDR_ANDROM.NTW creates an opening in the security of the victim's computer. This opening, known as a backdoor, allows criminals to install malware or steal information from the infected computer without alerting the infected computer's security software. Backdoor Trojans are the main way in which other attacks involving data theft or the installation of other malware (such as bitcoin miners or rogue security software) are carried out. The payload of a BKDR_ANDROM.NTW attack allows criminals to take over the infected computer in order to use it in additional malware attacks, to send out spam email or to carry out other kinds of attacks that use thousands of coordinated infected computers. It is important to understand that the presence of the BKDR_ANDROM.NTW Trojan on a computer indicates a severe threat to that computer's security and should be followed by immediate action involving a reliable anti-malware application.

Preventing Malware Attacks Associated with BKDR_ANDROM.NTW

The best way to prevent BKDR_ANDROM.NTW infections is to disable Java entirely, especially in the wake of the zero-day vulnerabilities reported in the media. Trojan droppers associated with BKDR_ANDROM.NTW use malicious JavaScript files disguised as updates for Java. It is also recommended to ensure that your computer is protected with a reliable anti-malware scanner obtained from a trustworthy source (preferably, directly from the manufacturer). This, coupled with safe browsing practices, should protect you and your data from a BKDR_ANDROM.NTW attack and other forms of malware.


File System Details

BKDR_ANDROM.NTW may create the following file(s). Each entry gives the file name and, where recorded, its MD5 hash and the number of detections:

1. up2.exe
2. up1.exe
3. %System Root%\Documents and Settings\All Users\svchost.exe
4. javaupdate11.jar
5. %User Temp%\ms[RANDOM CHARACTERS].[EXTENSION NAME]
6. %System Root%\Documents and Settings\All Users\Local Settings\Temp\ms[RANDOM CHARACTERS].[EXTENSION NAME]
7. javaupdate11.class
8. 8392bc354d99ecacc71370d6bd4550a9 (MD5: 8392bc354d99ecacc71370d6bd4550a9, detections: 0)

Registry Details

BKDR_ANDROM.NTW may create the following registry entry or registry entries (key, followed by the value name and its data):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched = "%System Root%\Documents and Settings\All Users\svchost.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Load = "%User Temp%\ms[RANDOM CHARACTERS].[EXTENSION NAME]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
[RANDOM NUMBER] = "%System Root%\Documents and Settings\All Users\Local Settings\Temp\ms[RANDOM CHARACTERS].[EXTENSION NAME]"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
[MALWARE PATH]\[MALWARE NAME].exe = "[MALWARE PATH]\[MALWARE NAME].exe:*:Enabled:[MALWARE NAME]"
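The file and registry indicators above are most useful when they can be checked mechanically. The following Python script is an added triage example and is not code from the original page or its vendor. It matches the listed file names, the MD5 and the four autorun / firewall-exception registry locations against two inputs a responder typically has: a list of file paths with hashes, and the text output of `reg query <key> /s` on the affected host (its four-space column layout is assumed). The sample hashes, the `4271` value name and the `msqxzv.exe` / `msabcd.exe` names are constructed, and the legitimate comparison entries (the Java updater's `jusched.exe`, a Program Files path) are included only to show what is not flagged.

```python
"""Triage helper for the BKDR_ANDROM.NTW indicators listed on this page (added example)."""
import hashlib
import re

# Indicators copied from the page's File System Details / Registry Details.
SUSPICIOUS_FILE_NAMES = {"up1.exe", "up2.exe", "javaupdate11.jar", "javaupdate11.class"}
KNOWN_MD5 = {"8392bc354d99ecacc71370d6bd4550a9"}
# ms[RANDOM CHARACTERS].[EXTENSION NAME] dropped under a Temp directory.
TEMP_DROPPER_RE = re.compile(r"\\temp\\ms[^\\]+\.[a-z0-9]+$", re.IGNORECASE)

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
POLICIES_RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run"
WINLOAD_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Assumed `reg query` layout: key on its own line, values as "    <name>    <type>    <data>".
VALUE_LINE_RE = re.compile(r"^ {4}(\S.*?) {4}(REG_[A-Z_]+) {4}(.*)$")


def md5_hex(data):
    """MD5 of file content, for comparison with the hash listed on the page."""
    return hashlib.md5(data).hexdigest()


def parse_reg_query(text):
    """Turn `reg query ... /s` output into (key, value_name, data) tuples."""
    entries, current_key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HK"):          # key line
            current_key = line.strip()
            continue
        m = VALUE_LINE_RE.match(line)
        if m and current_key is not None:  # value line under the current key
            entries.append((current_key, m.group(1), m.group(3)))
    return entries


def check_registry(entries):
    """Return (key, value_name, reason) for entries matching the page's persistence indicators."""
    hits = []
    for key, name, data in entries:
        k, d = key.lower(), data.lower()
        if k == RUN_KEY.lower() and name == "SunJavaUpdateSched" and not d.endswith("jusched.exe"):
            hits.append((key, name, "Java updater Run value not pointing at jusched.exe"))
        elif k == RUN_KEY.lower() and d.endswith("\\svchost.exe") and "\\system32\\" not in d:
            hits.append((key, name, "svchost.exe started from outside System32"))
        elif k == POLICIES_RUN_KEY.lower() and name.isdigit() and TEMP_DROPPER_RE.search(d):
            hits.append((key, name, "numeric policies\\Explorer\\Run value pointing into Temp"))
        elif k == WINLOAD_KEY.lower() and name.lower() == "load" and TEMP_DROPPER_RE.search(d):
            hits.append((key, name, "Windows NT Load value pointing into Temp"))
        elif k == FIREWALL_LIST_KEY.lower() and ":*:enabled:" in d:
            exe = d.split(":*:")[0]          # "<path>:*:Enabled:<name>" -> path
            if "\\program files" not in exe and "\\windows\\" not in exe:
                hits.append((key, name, "firewall exception for an executable outside Windows/Program Files"))
    return hits


def check_files(files):
    """files: iterable of (path, md5_hex_or_None). Returns (path, reason) hits."""
    hits = []
    for path, md5 in files:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in SUSPICIOUS_FILE_NAMES:
            hits.append((path, "file name listed for BKDR_ANDROM.NTW"))
        elif name == "svchost.exe" and "\\system32\\" not in path.lower():
            hits.append((path, "svchost.exe outside System32"))
        elif TEMP_DROPPER_RE.search(path):
            hits.append((path, "ms*.* dropped in Temp"))
        if md5 and md5.lower() in KNOWN_MD5:
            hits.append((path, "MD5 listed for BKDR_ANDROM.NTW"))
    return hits


# Constructed sample input (not real host data).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    C:\Documents and Settings\All Users\svchost.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    4271    REG_SZ    C:\Documents and Settings\All Users\Local Settings\Temp\msqxzv.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Load    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\msabcd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Documents and Settings\All Users\svchost.exe    REG_SZ    C:\Documents and Settings\All Users\svchost.exe:*:Enabled:svchost
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"""

SAMPLE_FILES = [
    (r"C:\Documents and Settings\user\Desktop\javaupdate11.jar", None),
    (r"C:\Documents and Settings\All Users\svchost.exe", "8392bc354d99ecacc71370d6bd4550a9"),
    (r"C:\WINDOWS\system32\svchost.exe", "0123456789abcdef0123456789abcdef"),  # legitimate; constructed hash
    (r"C:\Documents and Settings\All Users\Local Settings\Temp\msqxzv.exe", None),
]

if __name__ == "__main__":
    for hit in check_registry(parse_reg_query(SAMPLE_REG_QUERY)):
        print("REGISTRY", *hit, sep=" | ")
    for hit in check_files(SAMPLE_FILES):
        print("FILE", *hit, sep=" | ")
```

On the sample data the registry checks flag the Run, policies\Explorer\Run, Load and firewall-list entries and leave the VMware and Windows Messenger entries alone; the file checks flag the JAR, the misplaced svchost.exe (twice, by location and by MD5) and the Temp dropper, but not the real svchost.exe under System32. The name-based rules are weak indicators on their own, since `ms*.tmp` files in Temp are common; the hash and the specific registry locations carry more weight, and a matching MD5 is the strongest signal here.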
