Win32/Bflient
Win32/Bflient is a worm that has several variants. These variants are identified by adding a letter to the worm's name (for example, Win32/Bflient.A, Win32/Bflient.B and Win32/Bflient.C). This worm is often detected under several aliases and is typically found on peer-to-peer networks. Win32/Bflient can spread from one computer to another by taking advantage of network vulnerabilities. It can also spread through a network by infecting shared folders and making changes to the infected computer's firewall. Win32/Bflient infects computers running the Windows operating system, and PC security analysts consider Win32/Bflient among the top ten most common malware infections of 2011. The most common way in which Win32/Bflient spreads is through removable memory devices. This dangerous malware infection creates a backdoor into the infected computer system: an opening in the computer's security through which a hacker can access the victim's system from a remote location.
How Win32/Bflient Attacks a Computer System
Win32/Bflient installs an executable file with the EXE extension in the 'Application Data' directory. The file name changes depending on the version of Win32/Bflient attacking the computer system (for example, a file named sjlp.exe). As part of its installation process, Win32/Bflient makes a change to the Windows registry that allows it to start every time Windows boots. In order to spread through removable media, Win32/Bflient copies itself to the drive corresponding to the removable memory device, in a hidden folder named GOLAC, under the file name tornado.exe. It also creates an autorun file, which ensures that Win32/Bflient will start automatically as soon as the infected drive is connected to a computer system. Once installed, Win32/Bflient has information-stealing capabilities. It collects the victim's cookies (which can endanger the victim's passwords and personal data), user names, computer name, operating system and version, and other general information about the infected computer system. A criminal can then use this information to upload additional malware onto the infected computer system through the backdoor that this worm creates. Win32/Bflient connects to various URLs over HTTP in order to transmit this information. It can also download malware from these URLs, receive updates and run specific executable files on the infected computer system.
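As an added illustration (not code from the original page or from any vendor tool), the following Python check parses the text of an autorun.inf and flags launch entries that point at the GOLAC folder and tornado.exe named above, or at any other executable. The page does not show the autorun file's contents, so the sample file bodies and the function names `launch_entries` and `assess` are assumptions constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Names the page gives for the copy placed on removable drives.
PAGE_FOLDER, PAGE_FILE = "golac", "tornado.exe"
# Standard autorun.inf keys that launch a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command")  # e.g. shell\open\command
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def launch_entries(text):
    """Yield (key, program) for each launch entry in the [autorun] section."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if in_section and sep and (key in LAUNCH_KEYS or SHELL_VERB.fullmatch(key)):
            # Program path is the quoted part, or the first whitespace-delimited token.
            m = re.match(r'"([^"]+)"|(\S+)', value.strip())
            if m:
                yield key, m.group(1) or m.group(2)

def assess(text):
    """Return (key, program, verdict) tuples worth an analyst's attention."""
    findings = []
    for key, program in launch_entries(text):
        path = PureWindowsPath(program)
        parts = [p.lower() for p in path.parts]
        if parts and parts[-1] == PAGE_FILE and PAGE_FOLDER in parts[:-1]:
            findings.append((key, program, "matches page description"))
        elif path.suffix.lower() in EXEC_EXT:
            findings.append((key, program, "autorun launches executable"))
    return findings

# Constructed samples (assumed contents, not captured from an infected drive).
SAMPLE_INFECTED = r"""[autorun]
; constructed example
open=GOLAC\tornado.exe
shell\open\command="GOLAC\tornado.exe"
icon=%SystemRoot%\system32\shell32.dll,4
"""
SAMPLE_BENIGN = "[autorun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    for finding in assess(SAMPLE_INFECTED):
        print(finding)
```

Feed `assess` the contents of `autorun.inf` read from the root of a removable drive; an empty list means no launch entry was found.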
File System Details
# | File Name | Detections |
---|---|---|
1. | %Drive%\autorun.inf | |
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.