Computer Emergency Response Team(CERT)-in made an alert against hacking attempts by a multi-identity virus named Bladabindi, that steals personal information of a user through USB flash drives. The malware can also use infected computer’s camera to record and steal personal information. It checks for camera drivers and installs a DLL plugin so it can record and upload the video to a remote attacker.
Computer Emergency Response Team-India (CERT-In) said the virus could infect “Microsoft Windows operating system” and it spread through removable USB flash drives, popularly known as pendrive and data cards, including other malwares.
“It has been reported that variants of the malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.
The agency stated that a potential attack by the virus could result into the loss of important proprietary data of a user like “computer name, country and serial number, Windows user name, computer’s operating system version, Chrome stored passwords, Firefox stored passwords, etc.”
The agency has also suggested some countermeasures against “Bladabindi’. The company stated that users should not open unsolicited web links or attachments in email messages and visit untrusted websites. The agency also suggests using strong passwords and enable firewall at desktop and gateway level to protect their data from attacks. “Scan computer system with the free removal tools, disable the autorun functionality in Windows, use USB clean or vaccination software, keep up-to-date patches and fixes on the operating system and application software, deploy up-to-date anti-virus and anti-spyware signatures at desktop and gateway level,” the agency added.
CERT-In has reported 62,189 cyber attacks till May 2014, while 9,174 Indian websites were hacked by groups across the world. CERT-In has also warned Indian Internet users against phishing attacks from digital signatures that have “unauthorisedly” issued through the National Informatics Centre (NIC).
Source: Times Of India