BKDR_BRIBA.EVL Description

BKDR_BRIBA.EVL is a dangerous backdoor Trojan that is associated with a Trojan dropper known as TROJ_MDROP.EVL. Most of the time, a BKDR_BRIBA.EVL infection initiates with a malware attack contained in a malicious file with the DOC extension. Using a known vulnerability in Adobe Flash Player's previous versions (CVE-2012-1535), this malicious DOC file can execute code that drops BKDR_BRIBA.EVL's files on the infected computer. These kinds of attack can severely compromise your private information and the integrity of your operating system. To protect yourself from both BKDR_BRIBA.EVL and its Trojan dropper, ESG security researchers advise making sure that your version of Adobe Flash Player is fully up to date. ESG malware analysts also recommend avoiding opening unsolicited email messages and never downloading unsolicited email attachments. You can also ensure that the malicious email message never arrives in your inbox in the first place by making sure that you use a reliable anti-spam filter for all your email accounts.

Understanding a BKDR_BRIBA.EVL Attack

The main purpose of BKDR_BRIBA.EVL is to install a backdoor into the infected computer. Typically, this is a vulnerability in the infected computer's security that allows criminals to gain access to the infected computer without authorization. Backdoors can be used both to put information into a computer as well as taking it out. A criminal may use the backdoor that BKDR_BRIBA.EVL to installs to steal sensitive data or to monitor the infected computer's online activities. This backdoor can also be used to install other malware on the victim's computer. These malware infections can range from banking Trojans to various kinds of ransomware and scamware infections.

The Steps Involved in a BKDR_BRIBA.EVL Attack

A BKDR_BRIBA.EVL attack will usually involve various components used to make BKDR_BRIBA.EVL difficult to eliminate and detect on the computer. Typically, criminals will use the TROJ_MDROP.EVL Trojan dropper, which is disguised as a harmless Microsoft Word document. This Trojan dropper is distributed as a malicious email attachment that promises important news or information in order to convince inexperienced computer users to view its contents. Opening this fake DOC file results in an attack that exploits a vulnerability in Adobe Flash Player that will make it possible to install BKDR_BRIBA.EVL. This installation process may occur in the background and, in many cases, an actual DOC file will open to distract the computer user. Once installed, BKDR_BRIBA.EVL attempts to connect to a URL that seems to be inactive at the moment of writing this report.

Technical Information

Registry Details

BKDR_BRIBA.EVL creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe = "%User Profile%\Application Data\taskman.dll, start"

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.