分析者: Nino Penoliar

One of the easiest ways for cybercriminals to lure users into their traps is to appeal to human curiosity. In the case of a recent dating spam sample, recipients are enticed to open the attached .ZIP file with the promise of nude photos. Once users open the file, PICOFME.ZIP, they will instead see a .SCR file detected as BKDR_IRCBOT.HIK.

Upon installation, the backdoor application drops copies of itself on the affected system and opens TCP port 6667. It then proceeds to connect to a URL to receive commands from a remote malicious user.

Following commands sent by a remote malicious user, this backdoor application can download and execute its updated copy or other malware, gather system information, and stop or start services. It also joins the IRC channel #AllNiteCafe.

Trend Micro advises users to simply delete such emails, especially if they come from unknown senders, to prevent system infection.
 垃圾邮件阻止日期/时间 : 2011年3月16日 1:41:00 GMT-8
 TMASE
  • TMASE引擎(全局:6.5
  • TMASE样式(全局):8014