After a long silence, cyber criminals again comes with some activity. Unlike other years this year cyber criminal take a long rest. That’s sound good but now they come with
After a long silence, cyber criminals again comes with some activity. Unlike other years this year cyber criminal take a long rest. That’s sound good but now they come with some worst financial purpose. This time, they come with false IRC W-2 form which come with false notification of Internal Revenue Service (IRS) data update.
The security company Trend Micro reports, “The spammed message looks normal since the URLs and phone numbers in it are legitimate. This was probably done so users will not suspect anything. It also encourages users to open the attached .RTF file (Update.doc), which is supposed to be the W-2 form. When users open the .RTF file, however, they will see an embedded .PDF file. This supposedly PDF file is actually an .EXE file that uses the PDF icon. This is detected by Trend Micro as BKDR_POISON.BQA.”
What is BKDR_POISON.BQA?
BKDR_POISON.BQA is a component of the Darkmoon Remote Administration Tool (RAT), which enables a malicious user to execute commands on the affected system.
The email senders trying a backdoor attempts to connect to a private IP address (192.168.29.1) with this tool. This may be the attacker’s misconfiguration, or an attack targeting a specific internal network environment.
So, beware if you get any such email. It is strongly advised that you should not open any such email, even it shows they coming from supposedly known source. If you get such email, you should try to contact IRC to know the actual fact.
You may also like:
- Beware – Mp3 Spam Are Back (Security Alert)
- Fake McAfee Virus Remover Ahead – Beware (Security Alert)
- Statistic behind pornography world (Social Security Alert)
- Apple iPad search come with Fake Antivirus (Security Alert)
- Following Microsoft Virus Scanning Advice May Push You In Danger (Security Alert)