BKDR_DLDR.A

By Domesticus in Backdoors

BKDR_DLDR.A is a backdoor Trojan delivered through targeted emails that use Hurricane Sandy as a lure and are connected with NATO's Special Operations Headquarters (NSHQ). The email carries the subject 'Did Global Warming Contribute to Hurricane Sandy's Devastation' and a .DOC attachment with the same title; the attackers appear to have lifted that title from a recent New York Times blog post about Hurricane Sandy. The attachment, detected as TROJ_ARTIEF.SDY, is an RTF document despite its .DOC name (Word identifies RTF by content, not by extension) and exploits the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333), which Microsoft fixed in November 2010 with MS10-087, so the exploit only succeeds on Office installations that never applied that update. On success it drops BKDR_DLDR.A, which connects to its command-and-control (C&C) server to receive commands from remote attackers. Those commands include downloading, copying, modifying and creating files and folders, stealing file information, and collecting time zone information, among others. BKDR_DLDR.A is an Enfal/Lurid variant.
