By Domesticus in Backdoors

Bkdr_Cysxl.A is a backdoor Trojan being used in a wide spread email spam campaign exploiting the excitement of the upcoming 2012 Summer Olympic Games hosted in London. Cybercriminals are not bias and will exploit any and everything they can to reap ill-gained profits. While to some people the Olympic Games are just another sports event, for many others it is a culture. Die-hard fans like to get an early jump on buying tickets, especially top category events that often sell-out.

Email scams that spoof or exploit official Olympic sites and promotions are nothing new. In fact, Internet security experts who keep watch of malware activity in the wild reported a 2012 London Olympic Game email spam surfacing as early as October, 2008.

The email spam delivering Bkdr_Cysxl.A presents as follows:

Don't be fooled by bogus websites and organisations claiming to sell tickets to the Games. Tickets will be available from this website, for the UK and EEA (European Economic Area) residents only, and official 2012 London sales channel from spring 2011. You will not be asked to make a payment or sign a contract until then.

Please read about tickets for details at the attachment in which has some bogus websites and organizations.

An official site of the London 2012 Olympic Games and Paralympic Games.

The above spam letter is sealed with a fraudulent 2012 Olympic Games logo, in which cybercriminals hopes authenticates the farce and scam to further deceive unwary PC users. Is it ironic that the first line in the bogus email letter mirrors actual verbiage posted on one of the official ticket selling sites for the 2012 London Olympic and Paralympic Games? No, it is not mere coincidence. Malware makers and cybercriminals often shape their viral warheads off of legitimate branding, even violating copyrights.

In order to execute the payload, PC users must open the infectious .DOC attachment containing 3 supposed bogus websites. If opened, however, a malicious file being detected as TROJ_ARTIEF.ZIGS exploits a RTF stack buffer overflow and unleashes or downloads Bkdr_Cysxl.A onto the infected system.

In addition to opening a backdoor for a hacker to gain access and possible administrative control, Bkdr_Cysxl.A will reconfigure the system. Files and components might be deleted to render the firewall, weaker anti-virus programs defenseless and to cripple the operating system, helping to justify the lies and behaviors of a fake online scanner or rogue security program. A port will be opened to report successful infiltration and implantation of malicious files and components, earning pay for the malware builder. Vital data will be stolen off the system and more malicious programs might be installed.

Hopefully you did not fall for the scam and deleted the spam letter altogether as opposed to opening the malicious document. If you or someone using your PC have fallen victim, you should clean your computer by using a trusted anti-malware program to scan and eradicate all found malware, even ones hidden in the root of your PC. Before buying tickets online, make sure the website or ticket promoter is legitimate and you are not just handing your financial data over to a hacker.

SpyHunter Detects & Remove BKDR_CYSXL.A

File System Details

BKDR_CYSXL.A may create the following file(s):
# File Name MD5 Detections
1. %System Root%\Document and Settings\All users\realupdate.exe
2. %System%\cydll.dll
3. file.exe 14b6fcdff12b707bf660d552b2e24731 0
4. file.dll c10ae223f80a4aab03da384e4c89a39d 0

Registry Details

BKDR_CYSXL.A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CyService\parametersServiceDll = "%System%\cydll.dll"

1 Comment

bookmarked!!, I like your blog!


Most Viewed