On a daily basis we find new ways that malicious users use to spread their malware. TrendMicro issued a new blog entry on another malicious campaign promoting BKDR_KULUOZ.PFG, a well-known backdoor that was first seen back in April 2012.
Attackers are using spam messages with a FedEx template to trick users about the source of the email. The malware uses a technique similar to DUQU to communicate with the command-and-control (C&C) server and send or receive instructions. BKDR_KULUOZ.PFG creates a svchosts.exe process on the Windows operating system and injects a DLL file named “work”. It also executes several APIs to slow down debugging of the malicious program.
That is not all: it goes on to download and execute another type of malware, FakeAV, which claims to provide security to end users but obviously runs a trojan.
The backdoor is also capable of updating itself to prevent security software from detecting its malicious behavior.
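As an added example that is not part of the TrendMicro post, the Python check below scans a constructed process listing and flags the svchosts.exe look-alike name described above, as well as a genuinely named svchost.exe running from a directory other than System32. The sample process entries and the similarity threshold are assumptions chosen for illustration.

```python
import difflib
import ntpath

# Legitimate Windows service host: exact name and where it is expected to live.
LEGIT_NAME = "svchost.exe"
LEGIT_DIR = r"c:\windows\system32"

# Constructed sample process listing (name, full path); not real telemetry.
SAMPLE_PROCESSES = [
    ("svchost.exe",  r"C:\Windows\System32\svchost.exe"),
    ("svchosts.exe", r"C:\Users\victim\AppData\Local\Temp\svchosts.exe"),
    ("svchost.exe",  r"C:\Users\victim\AppData\Roaming\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]


def classify(name, path):
    """Return a reason string if the process looks suspicious, else None."""
    name = name.lower()
    directory = ntpath.dirname(path).lower()
    if name == LEGIT_NAME:
        # Right name, wrong place: svchost.exe only belongs in System32.
        if directory != LEGIT_DIR:
            return "svchost.exe running outside System32"
        return None
    # Near-miss names such as svchosts.exe score close to 1.0 here;
    # 0.85 is an assumed threshold, tune it against your own process baseline.
    similarity = difflib.SequenceMatcher(None, name, LEGIT_NAME).ratio()
    if similarity >= 0.85:
        return "process name mimics svchost.exe"
    return None


def scan(processes):
    """Return (name, path, reason) for every suspicious entry in the listing."""
    findings = []
    for name, path in processes:
        reason = classify(name, path)
        if reason:
            findings.append((name, path, reason))
    return findings


if __name__ == "__main__":
    for name, path, reason in scan(SAMPLE_PROCESSES):
        print(f"{reason}: {name} ({path})")
```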
To protect yourself against this malware, keep your system and AV signatures updated. Do not open suspicious emails that contain an attachment, even one with a .doc or .pdf extension.
Report the incident to your security team so they can take appropriate measures to protect all users.