Japanese police had arrested three people, accused them of making death threats via email and discussion forums. However, later Researchers at Symantec have determined that a piece of malware was making death and bomb threats online on behalf of its victims infected.
Symantec confirmed that the malware "Backdoor.Rabasheeta" is capable of controlling a compromised computer from a remote location and the creator has the capability to command the malware to make the threats like bomb and murders. The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI).
The dropper for Backdoor.Rabasheeta drops a main module and a configuration file. The dropper creates a registry entry so that the main module is executed whenever the compromised computer starts. This dropper also modifies CreationTime, LastWriteTime, and LastAccessTime of the main module with random values to help keep it hidden. Then the dropper will execute the main module before removing itself from the computer.
Because some string of characters used to process encrypted communication with the creator is in Japanese, Symantec believe the creator is most likely a person who has a good understanding of the Japanese language.
Symantec has also acquired a third variant of this threat. The version number of this variant is 2.0. It is practically identical to version 2.23 and there are no noticeable differences between the two.
Police are currently investigating the connection between the threats and the malware. The structure and functions of Backdoor.Rabasheeta are not advanced compared to modern malware. However, it is still capable of surreptitiously opening a back door on a compromised computer. To protect against this type of threat, users should use caution when downloading software from unknown sources. Do not click on suspicious links or attachments in emails.
Daily Updates or our RSS feed to kick off your day with the latest hacking and Security news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+