Security experts at Bitdefender have spotted a spam wave dropping booby-trapped PUB (Microsoft Publisher) files. These PUB files deliver a backdoor capable of stealing sensitive corporate information.

When the victim opens the PUB file, it triggers a VBScript that downloads a CAB file.

PUB file -> VBScript -> AutoIt script -> Backdoor

This CAB file contains an AutoIt script, what is needed to run it, and a second file encrypted with the AES-256 algorithm.

This encrypted file is actually the backdoor Trojan.
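As an added example (not code from the original post or from Bitdefender), here is a small Python detector that looks for the execution chain described above in process-creation telemetry. It assumes Publisher runs as mspub.exe, that the VBScript stage runs in a Windows script host (wscript.exe or cscript.exe), and that the AutoIt stage is launched by a stock AutoIt interpreter binary; the telemetry it runs over is a constructed sample, not real data.

```python
# Added example (not from the original post or Bitdefender): flag the
# PUB -> VBScript -> AutoIt execution chain in process-creation telemetry.
from collections import defaultdict

# Assumptions: Publisher runs as mspub.exe, the VBScript stage runs in a
# Windows script host (wscript.exe / cscript.exe), and the AutoIt stage is
# executed by a stock AutoIt interpreter binary. Attackers may rename binaries,
# so pair this with hash or signature checks in production.
PUBLISHER = {"mspub.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
AUTOIT_INTERPRETERS = {"autoit3.exe", "autoit3_x64.exe"}

# Constructed sample telemetry (pid, ppid, image path); not real data.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe"},
    {"pid": 600, "ppid": 200, "image": r"C:\Windows\System32\cscript.exe"},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 800, "ppid": 700, "image": r"C:\Tools\AutoIt3.exe"},
]


def image_name(path):
    """Return the lower-cased file name of an image path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def build_tree(events):
    """Map each parent pid to the list of its child process events."""
    children = defaultdict(list)
    for event in events:
        children[event["ppid"]].append(event)
    return children


def publisher_script_spawns(events):
    """Medium-confidence signal: Publisher launching a script host at all.

    Returns the pids of script-host processes whose parent is Publisher.
    """
    children = build_tree(events)
    hits = []
    for parent in events:
        if image_name(parent["image"]) not in PUBLISHER:
            continue
        for child in children[parent["pid"]]:
            if image_name(child["image"]) in SCRIPT_HOSTS:
                hits.append(child["pid"])
    return hits


def full_chains(events):
    """High-confidence signal: Publisher -> script host -> AutoIt interpreter.

    Returns (publisher_pid, script_pid, autoit_pid) tuples for each match.
    """
    children = build_tree(events)
    chains = []
    for pub in events:
        if image_name(pub["image"]) not in PUBLISHER:
            continue
        for script in children[pub["pid"]]:
            if image_name(script["image"]) not in SCRIPT_HOSTS:
                continue
            for stage3 in children[script["pid"]]:
                if image_name(stage3["image"]) in AUTOIT_INTERPRETERS:
                    chains.append((pub["pid"], script["pid"], stage3["pid"]))
    return chains


if __name__ == "__main__":
    print("Publisher spawned script hosts:", publisher_script_spawns(SAMPLE_EVENTS))
    print("Full PUB->VBScript->AutoIt chains:", full_chains(SAMPLE_EVENTS))
```

On the sample, the full three-stage chain matches only the Publisher-rooted branch (pids 200, 300, 400); the explorer.exe-rooted wscript/AutoIt pair is ignored because its root is not Publisher. Publisher spawning any script host is reported separately as a lower-confidence signal, since there is little legitimate reason for a desktop publishing application to launch wscript.exe or cscript.exe.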

What is this backdoor capable of?

  • It can act as a keystroke recorder and record passwords typed into GET forms.
  • Dump passwords from browsers and email clients.
  • Gather system information, and more.


We can scan for rootkit infection with GMER and VirusTotal:

https://www.virustotal.com/

http://www.gmer.net/#start


Gurubaran is a PKI Security Engineer. Certified Ethical Hacker, Penetration Tester, Security blogger, Co-Founder & Author of GBHackers On Security.