BKDR_DOKSTORMC.A is a malicious file that infects the targeted computer with a version of the Arcom RAT (Remote Access Trojan). As its name implies, a RAT allows a remote attacker to gain access to the victim's computer. BKDR_DOKSTORMC.A is distributed through malicious email messages, in this case a spam email that contains a fake tsunami warning. The BKDR_DOKSTORMC.A email message contains a fake article and an embedded link that supposedly leads to a video. This link leads to a malicious ZIP archive that supposedly contains an AVI video. In reality, this ZIP archive contains the BKDR_DOKSTORMC.A Trojan. The Trojan is disguised as an AVI file, but it is actually a PIF file named sunami_australian_agency_of_volcanology and seismology.avi.pif (BKDR_DOKSTORMC.A uses a fake extension to hide itself). ESG security researchers strongly advise computer users to avoid news from unsolicited email messages. Your news should come from reliable news outlets rather than from spam email. Fake news stories distributed in spam emails are some of the most popular ways of distributing malware, which is usually delivered through a malicious embedded link or file attachment.
The fake news article contained in BKDR_DOKSTORMC.A's malicious email message supposedly comes from news.com.au and clearly targets computer users located in Australia. According to this fake news article, experts warn about a tsunami headed towards Australia on December 31st (all the more silly considering that tsunamis are nearly impossible to predict, especially nearly two months before the date!). The article contains a link that says 'watch now', which leads to the malicious ZIP archive containing the BKDR_DOKSTORMC.A Trojan. This dangerous Trojan is a backdoor infection that, once installed, attempts to connect to a remote server in order to receive instructions from the remote party.
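As an added example (not part of the original article or of any vendor's tooling), the following Python shows how a mail gateway or triage script could flag ZIP members that use the decoy-plus-executable double extension described above. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed inline with placeholder bytes.

```python
import io
import zipfile

# Extensions Windows runs directly; .pif is the one used by this sample.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "lnk", "js", "vbs"}
# Extensions a recipient expects to be passive content (assumed list).
DECOY_EXTS = {"avi", "mp4", "mov", "wmv", "jpg", "png", "pdf", "doc", "docx", "txt"}


def is_disguised(name: str) -> bool:
    """True when a decoy extension is followed by an executable one."""
    # Keep only the file name; ZIP entries may use either slash style.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so ignore them here too.
    parts = base.rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False  # fewer than two extensions
    # strip() defeats padding such as "clip.avi      .pif".
    decoy, final = parts[-2].strip(), parts[-1].strip()
    return final in EXECUTABLE_EXTS and decoy in DECOY_EXTS


def scan_zip(data: bytes) -> list[str]:
    """Return the archive members whose names use the double-extension disguise."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_disguised(i.filename)]


def build_sample() -> bytes:
    """Constructed test archive: harmless placeholder bytes, names only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in (
            "sunami_australian_agency_of_volcanology and seismology.avi.pif",
            "holiday.avi",
            "docs/readme.txt",
            "tools/setup.exe",
        ):
            zf.writestr(member, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample()):
        print("disguised executable in archive:", hit)
```

The check isolates the disguise only, so a plainly named executable such as tools/setup.exe is not reported; a gateway that blocks executable attachments outright would handle that case separately.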
BKDR_DOKSTORMC.A is a Variant of the Arcom RAT
The Arcom RAT is a dangerous malware infection that criminals can use to gain control over the infected PC. This hacking tool is sold on hacking forums for two thousand dollars, although it is also available on underground file sharing networks in a cracked version. BKDR_DOKSTORMC.A was created by a hacker known as princeali, who is connected with a hacking organization known as NuclearWinterCrew. This group of criminals was also responsible for the NuclearRAT, another dangerous backdoor Trojan and RAT. Malware like the Arcom RAT has been used to attack high-profile targets, including government organizations and multinational corporations, and poses a severe threat to infected computer systems.