BKDR_DLDR.A
BKDR_DLDR.A is a backdoor Trojan that propagates via malicious emails connected with Hurricane Sandy affecting NATO's Special Operations Headquarters (NSHQ). The fake email has the subject 'Did Global Warming Contribute to Hurricane Sandy's Devastation' and includes a .DOC file with the same title. Spammers behind this scam seem to have used the title of a recent New York Times blog post about Hurricane Sandy. The malicious file attachment, found as TROJ_ARTIEF.SDY, exploits the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) which was addressed by Microsoft in November 2010 in MS10-087 to drop BKDR_DLDR.A. BKDR_DLDR.A connects to its command-and-control (C&C) server to send and receive commands from remote attackers. Some of the commands that BKDR_DLDR.A can execute incorporate downloading, copying, modifying, creating files and folders, stealing file information, and acquiring time zone information among others. BKDR_DLDR.A is an Enfal/Lurid variant.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.