Easy Online Tips

Monday, February 13, 2006

Boom, Boom - TROJ_BOMKA.L

TROJ_BOMKA.L may arrive on a system as an attachment to spammed emails, disguised as a harmless dart game to entice users into playing it. This non-destructive Trojan is currently spreading in the wild and infecting computer systems running Windows 98, ME, NT, 2000, XP, and Server 2003.

A rough English translation of the email is:

Subject: you take one pause...
Message Body:
I send a game flash!

then you send your score to me max... therefore I say how much I have made I to you... I am training myself:)

{Name of sender}
Possible Attachment: gioco_freccette.zip

Upon execution, this Trojan drops and executes a copy of the legitimate game on the system. This action hides its malicious behavior from the user.

It also drops its .DLL component, which it registers as a Browser Helper Object (BHO) to ensure that it runs every time the user opens Internet Explorer.

This Trojan also attempts to connect to several Web sites to download other files or an update of itself. These downloaded files may be other malware, leaving the affected computer more prone to malicious attacks.
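The BHO registration described above can be checked by listing every Browser Helper Object on a machine and the DLL each one loads. The following is an added example, not part of the original advisory: it parses a `.reg` export and reports BHOs that are not on a known-good list. The CLSIDs, DLL paths and allow-list are constructed sample values, since the advisory does not name the dropped DLL or its CLSID.

```python
# Key under which Internet Explorer looks up Browser Helper Objects.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Constructed sample in .reg export format; CLSIDs and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\toolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\WINDOWS\\system32\\example_dropped.dll"
'''

def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            if value.startswith('"') and value.endswith('"'):
                # .reg files double every backslash inside string values.
                current[name.strip('"')] = value[1:-1].replace("\\\\", "\\")
    return keys

def list_bhos(text):
    """Map each registered BHO CLSID to the DLL its InprocServer32 names."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}  # keys are case-insensitive
    prefix = BHO_KEY.lower() + "\\"
    result = {}
    for key in keys:
        if key.startswith(prefix) and "\\" not in key[len(prefix):]:
            clsid = key[len(prefix):]
            server = keys.get(f"{CLSID_KEY.lower()}\\{clsid}\\inprocserver32", {})
            result[clsid] = server.get("@")  # None: registered, but no DLL recorded
    return result

def unexpected_bhos(text, allowed_clsids):
    """Return the BHOs whose CLSID is not on the known-good list."""
    allowed = {c.lower() for c in allowed_clsids}
    return {c: dll for c, dll in list_bhos(text).items() if c not in allowed}
```

Real exports from `reg export` are UTF-16 encoded, so decode the file accordingly before passing its text to `list_bhos`.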

