Symantec researchers have analysed Backdoor.Rabasheeta's components

Oct 23, 2012 08:52 GMT

Around 10 days ago, we learned of an interesting piece of malware making death and bomb threats online on behalf of its victims. Now, researchers from Symantec have discovered the malicious element’s dropper.

The dropper of Backdoor.Rabasheeta – the component responsible for installing the payload onto the victim’s computer – creates a registry entry that ensures the main module is executed each time the device is started.

After it drops the main module and the configuration files that enable the threat to communicate with its command and control server, it removes itself from the infected computer.
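The two paragraphs above describe the standard dropper pattern: write a payload, register it in an autostart location, delete the dropper. The article does not name the registry key or the paths Rabasheeta uses, so the following is an added triage example, not Symantec's analysis or the malware's own values: it parses constructed `reg query` style output for the two standard Run keys and flags entries that point into user-writable directories or that reuse the name of a Windows system binary outside %windir%. All sample entries, paths and the environment-variable expansion table are invented for this example.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample in the style of `reg query <key>` output for the two
# standard autostart keys. Every value below is invented for this example; the
# page does not name the key or value that Rabasheeta's dropper writes.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Spotify     REG_SZ    "C:\Program Files\Spotify\Spotify.exe" --minimized
    Updater     REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    tmp_loader        REG_SZ    "C:\Users\alice\AppData\Local\Temp\loader.exe"
"""

# Directories an unprivileged user can write to. An autostart entry pointing
# here is not proof of malice, but it is where a dropper that runs without
# admin rights has to place its payload, so such entries deserve a closer look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Names of Windows binaries that legitimately live only under %windir%.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "explorer.exe", "services.exe"}

# Constructed expansion table for the environment variables used in the sample
# (a real tool would read the host's environment instead).
ENV_EXPANSIONS = {"%windir%": "C:\\Windows", "%systemroot%": "C:\\Windows"}

# One value line: <indent><name><ws><REG_TYPE><ws><data>
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def expand_env(path: str) -> str:
    """Expand a leading environment variable using the constructed table."""
    lowered = path.lower()
    for var, value in ENV_EXPANSIONS.items():
        if lowered.startswith(var):
            return value + path[len(var):]
    return path


def extract_executable(data: str) -> str:
    """Pull the program path out of a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        exe = data[1:end] if end != -1 else data[1:]
    else:
        exe = data.split()[0] if data else ""
    return expand_env(exe)


def parse_reg_query(text: str) -> List[Dict[str, str]]:
    """Turn `reg query` style output into (key, name, type, data) records."""
    entries: List[Dict[str, str]] = []
    current_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            name, vtype, data = m.groups()
            entries.append({"key": current_key, "name": name, "type": vtype, "data": data})
    return entries


def audit_run_entries(text: str) -> List[Dict[str, object]]:
    """Flag autostart entries that match the triage heuristics above."""
    findings: List[Dict[str, object]] = []
    for entry in parse_reg_query(text):
        exe = extract_executable(entry["data"])
        lowered = exe.lower()
        reasons = []
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            reasons.append("executable in user-writable directory")
        # ntpath handles Windows separators even when this runs on a non-Windows host.
        if ntpath.basename(lowered) in SYSTEM_BINARY_NAMES and not lowered.startswith("c:\\windows\\"):
            reasons.append("system binary name outside %windir%")
        if reasons:
            findings.append({**entry, "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_run_entries(SAMPLE_REG_QUERY):
        print(f"{f['key']}\\{f['name']} -> {f['exe']}: {'; '.join(f['reasons'])}")
```

Run against the constructed sample, only the two invented entries under AppData are reported; the Spotify and SecurityHealth entries pass because they resolve to Program Files and %windir%. The heuristics are deliberately simple: a user-writable path is a prompt to check the file's signature and hash, not a verdict.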

The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI).

“This GUI is hidden from the user of the compromised computer. However, the dropper contains a flag called testMode and if this flag is on, the GUI is displayed,” Takashi Katsuki of Symantec explained.

“The malware author enables the GUI for debugging purposes, as the GUI allows the malware to be installed and uninstalled by the click of a button to perform many tests repeatedly.”

The security researchers have identified at least three variants of the threat. Their creation dates also show that the malware’s author kept updating his creation over a period of more than one month.

Although it’s not as advanced as other pieces of malware we’ve seen, Backdoor.Rabasheeta is a threat that shouldn’t be taken lightly because it has the capability to open a backdoor on the compromised device and allow its mastermind to take control of it.

Fortunately, so far, the infection isn’t widespread. On the other hand, considering that its victims have been arrested by police because of the threats made by the virus on their behalf, it’s certainly something that’s worth looking out for.