Original Issue Date: October 19, 2012
The archive installs variants of Dorkbot. It eventually takes control of the victim machine by opening a backdoor and communicating with a remote HTTP server. The worm is reported to steal user credentials, engage in click fraud activities and pose as ransomware.
Countermeasures and Recommendations
The information provided herein is on an "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India