New Delhi: Your personal identity could be at risk as cyber security sleuths smelt off a new virus “Bladabindi†which steals sensitive personal information of a user for nefarious purposes. The virus possesses a unique ability to acquire a safe network domain id in order to falsely add itself to the firewall exclusion list and bypass a user’s firewall mechanism.
Computer Emergency Response Team-India (CERT-In), the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain, said the virus could infect “Microsoft Windows operating system†and is spread through removable USB flash drives, popularly known as pendrive and data cards, including other malwares.
“It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.â€
“Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker. Bladabindi is infecting Microsoft Windows operating system and spreading via infecting removable USB flash drives and via other malwares,†the latest advisory by the agency said.
The threat potential of the malware or the virus can be gauged from the fact that it can acquire as many as 12 aliases to conceal its real identity and later affect a computer system or personal information of a user.
“Bladabindi variants can be created using a publicly available malicious hacker tool. Attacker can create a malicious file using any choice of icon to mislead or entice naive user into running the malicious file,†the advisory said.
A potential attack by the virus could result into the loss of important data of a user like “computer name, country and serial number, Windows user name, computer’s operating system version, Chrome stored passwords, Firefox stored passwords, the agency said in the advisory. The malware can also use infected computer’s camera to record and steal personal information. It checks for camera drivers and installs a DLL plug-in so it can record and upload the video to a remote attacker. The malware can also log or capture keystrokes to steal credentials like user names and passwords,†the CERT-In cautioned users.
However, the agency has also suggested some countermeasures against the virus. Scanning computer system with the free removal tools, disable the auto run functionality in Windows, use USB clean or vaccination software, keep up-to-date patches and fixes on the operating system and application software, deploy up-to-date anti-virus and anti-spyware signatures at desktop and gateway level can keep your operating system safe.
 It also recommended users should not follow unsolicited web links or attachments in email messages, do not visit un-trusted websites, use strong passwords and also enable password policies, enable firewall at desktop and gateway level, guard against social engineering attacks and limit user privileges.