CERT-In warns of Bladabindi malware spread through pen drives

25 Jul 2014


In a public alert, the Computer Emergency Response Team – India (CERT-In) has warned about malware dubbed Bladabindi, which it says was spreading in India through pen drives.

According to the cyber sleuths, the malware stole personal information and was possibly also being used as a downloader for further infections on the systems.

"Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker," reads the alert on the CERT-In website.

CERT-In has already noted as many as 13 different aliases, and all major anti-virus vendors had signatures to detect Bladabindi and its variants. Users who had one of these solutions installed on their system and updated with the latest signatures were protected.

Among the primary capabilities of the virus is the ability to steal sensitive information such as the computer name, country and serial number; the Windows user name; and the computer's operating system version, CERT-In said.

Bladabindi's variants could steal a range of information such as Chrome, Firefox, Opera and IE7 stored passwords; DynDNS and No-IP/DUC information; as well as Paltalk credentials.

"It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.

"Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker. Bladabindi is infecting Microsoft Windows operating system and spreading via infecting removable USB flash drives and via other malwares," the latest advisory by the agency said.

The malware's threat potential could be gauged from the fact that it could acquire as many as 12 aliases to conceal its real identity and later affect a computer system or personal information of a user.

"Bladabindi variants can be created using a publicly available malicious hacker tool. Attacker can create a malicious file using any choice of icon to mislead or entice naive user into running the malicious file," the advisory said.

A typical 'Bladabindi' variant spreads by copying itself into the root folder of a removable drive and creating a shortcut file with the name and folder icon of the drive. When the user clicks on the shortcut, the malware is executed and Windows Explorer opens, making it appear that nothing malicious has happened.
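A defensive triage check for the spreading pattern described above, as an added example that is not part of the original article or the CERT-In advisory: it flags a genuine Windows shortcut in a drive's root that is named after the drive, and lists the executables sitting beside it. The function names, the extension list and the sample drive label BACKUP are assumptions made for illustration, and the drive contents are constructed.

```python
import tempfile
from pathlib import Path

# First 20 bytes of every Shell Link (.lnk): HeaderSize 0x4C + LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Extensions treated as directly runnable; this list is an assumption, tune it locally.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def is_shell_link(path):
    """True if the file really starts with the Shell Link header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def triage_drive_root(root, volume_label):
    """Flag root-level shortcuts named after the drive, plus executables beside them."""
    files = [e for e in Path(root).iterdir() if e.is_file()]
    executables = sorted(f.name for f in files if f.suffix.lower() in EXEC_EXTS)
    findings = []
    for f in files:
        if f.suffix.lower() != ".lnk" or not is_shell_link(f):
            continue
        # A shortcut that impersonates the drive itself is the pattern described above.
        if f.stem.lower() == volume_label.lower():
            findings.append({"shortcut": f.name, "root_executables": executables})
    return findings

def demo():
    """Run the triage over a constructed drive root (no real malware involved)."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "BACKUP.lnk").write_bytes(LNK_MAGIC + b"\x00" * 56)  # named after the drive
        (r / "report.lnk").write_bytes(LNK_MAGIC + b"\x00" * 56)  # ordinary shortcut
        (r / "sample.exe").write_bytes(b"MZ constructed placeholder")
        (r / "photos").mkdir()
        return triage_drive_root(r, volume_label="BACKUP")

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit is a reason to inspect the drive on an isolated machine with updated anti-virus signatures, not proof of infection.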
