Trend Micro Virus Alert: TROJ_BOMKA.L

Discussion in 'malware problems & news' started by Randy_Bell, Feb 11, 2006.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    TROJ_BOMKA.L may arrive on a system as an attachment to spammed emails, disguised as a non-malicious dart game to entice users into playing it. This non-destructive Trojan is currently spreading in-the-wild and infecting computer systems that run on Windows 98, ME, NT, 2000, XP, and Server 2003.

    A rough English translation of the email is:

    Subject: you take one pause...
    Message Body: I send a game flash!
    then you send your score to me max... therefore I say how much I have made I to you... I am training myself:)
    bye
    {Name of sender}
    Possible Attachment: gioco_freccette.zip

    Upon execution, this Trojan drops and executes a copy of the legitimate game on the system. This action hides its malicious behavior from the user.

    It also drops its .DLL component, which it registers as a Browser Helper Object (BHO) to ensure that it runs every time the user opens Internet Explorer.

    This Trojan also attempts to connect to several Web sites to download other files or an update of itself. These downloaded files may be other malware, leaving the affected computer more prone to malicious attacks.

    If you would like to scan your computer for TROJ_BOMKA.L or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    For additional information about TROJ_BOMKA.L, please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BOMKA.L
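
    The alert above says the dropped .DLL is registered as a Browser Helper Object so that it loads with Internet Explorer. The read-only PowerShell audit below is an added example, not part of the original post or of Trend Micro's advisory. The alert does not name the DLL, so the script lists every registered BHO, using the standard Windows BHO and CLSID registry locations, and resolves each to the file it loads.

```powershell
# Added example: enumerate Browser Helper Objects and the DLL behind each CLSID.
# Read-only; run from an elevated 64-bit PowerShell for the fullest view.
# Only machine-wide class registrations (HKLM) are resolved here.
$views = @(
    @{ Name = 'native'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = 'WOW64';  Root = 'HKLM:\SOFTWARE\WOW6432Node' }
)

$results = foreach ($view in $views) {
    $bhoKey = Join-Path $view.Root 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid  = $entry.PSChildName
        $inproc = Join-Path $view.Root "Classes\CLSID\$clsid\InprocServer32"

        # The unnamed (default) value of InprocServer32 holds the DLL path.
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }

        $file = $null
        $signature = 'NoFile'
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $file = Get-Item -LiteralPath $dll
            $signature = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        }

        [pscustomobject]@{
            View      = $view.Name
            CLSID     = $clsid
            Dll       = $dll
            Company   = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            Created   = if ($file) { $file.CreationTime } else { $null }
            Signature = $signature
        }
    }
}

# Newest files first: a BHO dropped by a recent infection sorts to the top.
$results | Sort-Object Created -Descending | Format-List
```

    Entries with an unsigned DLL, no company name, or a creation time close to when a suspicious attachment was opened are the ones to examine first.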
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    The actual translation is:

    Subject: take a pause...
    Message Body: I'm sending you a flash game!

    send me your highest score... so I will tell you how many points I made... I am training :)
    bye
    {Name of sender}
    Possible Attachment: gioco_freccette.zip
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Well, I've isolated and analyzed it in Italy on 2nd February, when it was widespread here.

    Well PCCillin, better late than never :D :D :D
     