Dangerous banking virus Bolik attacks Windows users

06 June 2016, 18:34 | Technologies

«Doctor Web» has warned about the appearance of a very dangerous polymorphic file virus that can steal money from the accounts of Russian bank customers, steal confidential information and spy on its victim in various ways. The malicious program is called Bolik, 3DNews reports.

The malware inherits some technical solutions from the well-known banking Trojans Zeus (Trojan.PWS.Panda) and Carberp, but unlike them it can propagate without user intervention and infect executable files. The self-propagation function is activated on command from the attackers; Bolik then begins to enumerate writable folders in the Windows network neighborhood and on USB-connected devices, looks for executable files stored there, and infects them. The virus can infect both 32-bit and 64-bit applications.
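The propagation path described above (executables on writable network shares and USB media being modified in place) is one that a defender can detect without any knowledge of the infector's code: keep a hash baseline of the executables on such a share and compare it periodically. The following is an added example, not code from the article or from Doctor Web; the directory layout, file names and file contents are constructed sample data, and the "infection" is simulated by appending bytes to one binary.

```python
"""
Integrity baseline for executables on removable media and network shares.

Added example (not from the article or Doctor Web). A file infector that
rewrites host executables changes their hash; a periodic comparison against
a recorded baseline flags modified, added and removed binaries. All paths
and contents below are constructed sample data.
"""
import hashlib
import tempfile
from pathlib import Path

# Constructed list of suffixes treated as executables on the share.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map POSIX-style relative path -> (sha256, size) for every executable under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            rel = p.relative_to(root).as_posix()
            baseline[rel] = (sha256_of(p), p.stat().st_size)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two baselines.

    modified: present in both, hash differs (what an in-place infector causes)
    added:    new executables that were not in the baseline
    removed:  executables that disappeared
    """
    modified = sorted(k for k in baseline if k in current and baseline[k][0] != current[k][0])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Simulate a share: record a baseline, then modify one binary and drop a new one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "tools").mkdir()
        # Constructed stand-ins for PE files (only the "MZ" prefix is realistic).
        (root / "tools" / "viewer.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "setup.exe").write_bytes(b"MZ" + b"\x90" * 50)
        (root / "readme.txt").write_text("not an executable, ignored by the scan")
        baseline = build_baseline(root)

        # Constructed modification: a file infector typically grows the host binary.
        with (root / "setup.exe").open("ab") as f:
            f.write(b"\xcc" * 32)
        # Constructed new file appearing on the share after the baseline was taken.
        (root / "tools" / "update.exe").write_bytes(b"MZ" + b"\x00" * 10)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the baseline would be written to storage the share's users cannot modify (for example a JSON file on the monitoring host) and the comparison scheduled; the `size` field is kept alongside the hash because a grown file size is a cheap first indicator of an in-place infection before the hash is recomputed.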

If the user runs an infected application, the virus decrypts the banking Trojan and runs it directly in the memory of the attacked computer, without saving it to disk. The malware has specific mechanisms that impede the work of antivirus software: in particular, the program can change its own code and structure "on the fly", and its architecture includes a kind of obfuscator consisting of many loops and repeated instructions.

The main purpose of Bolik is stealing various valuable information from Russian banks' clients. For this it uses a variety of tools. For example, the virus can control data sent to and received from the browsers Internet Explorer, Chrome, Opera and Firefox. The Trojan is also able to steal the information the user enters into on-screen forms.

Bolik's spyware arsenal includes a module for taking screen captures (screenshots) and a module that records the keys the user presses (a keylogger).

Bolik is able to create its own proxy server and a web server on the infected machine, which allows the attackers to exchange files with it. The virus can also organize so-called "reverse connections": with their help, the cybercriminals are able to "communicate" with infected computers located in a network protected by a firewall or lacking an external IP address, that is, working in a network that uses NAT (Network Address Translation). All information Bolik exchanges with the control server is encrypted with a complex algorithm and compressed.

Based on materials: www.3dnews.ru
