Internet threat level: 1
Follow us on
Home→Blog→Research→January 04 2011→A few words about the HLux botnet
A few words about the HLux botnet
Dmitry Bestuzhev
Kaspersky Lab Expert
Posted January 04, 23:07 GMT
Tags: Microsoft Windows, Botnets, Spammer techniques, Campaigns, Email
Kaspersky Lab Expert
Posted January 04, 23:07 GMT
Tags: Microsoft Windows, Botnets, Spammer techniques, Campaigns, Email
0.4
Today my colleague Jorge Mieres found some interesting information
related to the new HLux botnet.
This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).
After the infection, the newly installed malware downloads a malicious update which is detected by Kaspersky as Email-Worm.Win32.Hlux.c and establishes a connection with BOMBA’s server reporting statistics about the infection.
Our statistics for Jan 5 show countries with the highest infection attempts are the U.S., Germany and the U.K.
This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).
After the infection, the newly installed malware downloads a malicious update which is detected by Kaspersky as Email-Worm.Win32.Hlux.c and establishes a connection with BOMBA’s server reporting statistics about the infection.
Our statistics for Jan 5 show countries with the highest infection attempts are the U.S., Germany and the U.K.
