Three individuals from Japan have been arrested because of this piece of malware

Oct 11, 2012 11:08 GMT

Japanese police have arrested three people, accusing them of making death threats via email and discussion forums. However, investigators later determined that a piece of malware may actually have posted the threats from the suspects' computers without their knowledge.

One of the suspects was detained after posting a message on a government site in which he threatened to commit mass murder in a shopping area.

An airline company was threatened via email that one of its planes would be destroyed with a bomb, and a similar message was sent to the kindergarten attended by the children of the royal family. A post on a discussion board mentioned blowing up a famous shrine.

Japanese authorities are currently investigating the possible connection between the malware and the threats, but security researchers from Symantec reveal that the Trojan in question (Backdoor.Rabasheeta) is capable of performing such tasks.

“From our analysis, we have confirmed that the malware is capable of controlling a compromised computer from a remote location, which is not anything new to malware. Furthermore, from the various functions we have confirmed, the creator has the capability to command the malware to make the threats mentioned above,” researchers explained.

During their analysis, the experts learned that the Trojan was most likely developed by someone who speaks Japanese fluently. That is because the part of the code that encrypts communications between the malware and its creator has been taken from a Japanese website.

For now, only one executable file, called iesys.exe, has been identified, but Symantec representatives say that other versions may exist.

However, it appears that this infection is very limited, and it is unlikely to spread to the broader population of internet users.

Users who want to check whether their devices are infected with this piece of malware are advised to search for the iesys.exe file or to run a complete system scan with an up-to-date antivirus.
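The filename search suggested above, written out as a small defender-side script. This is an added example, not code from the article or from Symantec: it walks a directory tree, matches the filename iesys.exe case-insensitively (Windows filesystems ignore case), and records path, size, modification time and SHA-256 for anything it finds so the result can be compared against vendor data or submitted for analysis. The article gives no hash, install path or other indicator for the file, so the match is on name alone; the `demo()` function builds a constructed sample tree in a temporary directory purely to show the scanner running.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Filename named in the article. Matched case-insensitively; no hash is
# known from the article, so a name match is a lead, not a verdict.
SUSPECT_NAMES = {"iesys.exe"}


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_named_files(root, names=SUSPECT_NAMES):
    """Walk `root` and return metadata for every file whose name is in `names`.

    Unreadable files (locked, permission denied) are reported with an
    'error' field rather than silently skipped, since a file the scanner
    cannot open is itself worth a second look.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fn)
            try:
                st = os.stat(full)
                digest = sha256_of(full)
            except OSError as exc:
                hits.append({"path": full, "error": str(exc)})
                continue
            hits.append({
                "path": full,
                "size": st.st_size,
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": digest,
            })
    return hits


# Constructed sample content for the demo tree; not a real malware sample.
SAMPLE_BYTES = b"constructed placeholder, not the real file"


def demo():
    """Build a constructed directory tree and scan it; returns the hits list."""
    with tempfile.TemporaryDirectory() as base:
        sub = os.path.join(base, "Users", "demo", "AppData")
        os.makedirs(sub)
        # One file matching the name with different case, plus a decoy.
        with open(os.path.join(sub, "IESYS.EXE"), "wb") as f:
            f.write(SAMPLE_BYTES)
        with open(os.path.join(base, "notes.txt"), "wb") as f:
            f.write(b"unrelated")
        return find_named_files(base)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real machine the entry point would be `find_named_files("C:\\")` (or each mounted drive); run it with enough privilege to read system directories, or the `error` entries will tell you which paths were not covered. A clean result does not rule out infection, since the article notes that other versions of the file may exist under other names.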