BKDR_METEO.HVN
Posted: May 1, 2012
| Threat Level: | 6/10 |
|---|---|
| Infected PCs: | 19 |
| First Seen: | May 1, 2012 |
| OS(es) Affected: | Windows |
BKDR_METEO.HVN is a backdoor Trojan that is distributed as a fake encryption product for Skype (a popular instant messenger and mic/webcam communication program). Its payload includes the installation of a second backdoor Trojan identified as BKDR_ZAPCHAST.HVN; BKDR_METEO.HVN also deletes configuration files for Microsoft's .NET framework and modifies the Windows Registry. By themselves, BKDR_METEO.HVN's attacks are considered low-priority security risks, but improper removal may harm your operating system. SpywareRemove.com malware researchers recommend using anti-malware products to detect and remove all components of a BKDR_METEO.HVN infection. In addition, the backdoor Trojan that BKDR_METEO.HVN installs is a variant of the DarkComet Trojan; it is much more dangerous than BKDR_METEO.HVN itself and can give criminals virtually unfettered control over your PC if not resolved quickly.
BKDR_METEO.HVN: the Latest in Cyber Attacks for Syrian Supremacy
Due to the prolific usage of online communication methods (including instant messaging programs and social networking websites) amongst Syria's current rebel faction, there has been a corresponding increase in social networking-related attacks that steal account passwords and otherwise attempt to hinder online communications. BKDR_METEO.HVN, as one of the latest of these attacks, masquerades as an encryption package for Skype that prevents eavesdroppers from easily listening in on conversations, although it should be noted that Skype already includes AES encryption by default. BKDR_METEO.HVN's fake encryption program is hosted at [censored]encription.sytes.net, which ultimately resolves into an IP address that has also been noted in connection with similar attacks.
Besides its URL, BKDR_METEO.HVN's website can also be identified by a hosted YouTube video that claims to be from 'IT Security Lab.' SpywareRemove.com malware researchers have confirmed that downloading and installing the relevant file, 'Skype Encription v 2.1.exe,' will not result in any added encryption or security for your Skype voice chats. Instead, BKDR_METEO.HVN will be installed onto your PC and cause the various changes noted earlier, as well as installing BKDR_ZAPCHAST.HVN (version 3.3 of the infamous DarkComet Trojan).
When Eagerness for More Security Can Result in a Total Razing of PC Safety
Even though BKDR_METEO.HVN doesn't install the latest version of the DarkComet Trojan, any variant of DarkComet, including BKDR_ZAPCHAST.HVN, has full-fledged backdoor Trojan capabilities that can be extremely dangerous for your computer. SpywareRemove.com malware experts have found that a successful BKDR_METEO.HVN attack can ultimately result in:
- Loss of personal information from a variety of spyware-related attacks, including keylogging (recording your keyboard input to a log file).
- Hosts file changes that can be exploited to redirect your browser to harmful websites after hijacking it.
- Disabled security software, with an emphasis on Windows tools like the Windows Firewall, Registry Editor, Task Manager and the UAC.
- Various other attacks that are accomplished via the external server-based control that's granted by any DarkComet RAT (Remote Administration Tool).
Technical Details
File System Modifications
The following files were created in the system:
Skype Encription v 2.1.exe
File name: Skype Encription v 2.1.exe
Size: 1.08 MB (1083904 bytes)
MD5: 79cdf420419a08f791752c759f8e0613
Detection count: 13
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2012
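The file details above give a name, size and MD5 for the dropper. The following triage script is an added example, not part of the original write-up: it walks a directory, hashes only files whose size already matches, and also reports files that carry the dropper's name but different content. The Downloads starting folder is an assumption.

```python
import hashlib
import os

# Indicators copied from the file details on this page.
IOC_NAME = "skype encription v 2.1.exe"  # compared case-insensitively
IOC_SIZE = 1083904
IOC_MD5 = "79cdf420419a08f791752c759f8e0613"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, name=IOC_NAME, size=IOC_SIZE, md5=IOC_MD5):
    """Return sorted (path, reason) pairs for files under root that match."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                # Size is a cheap pre-filter: only hash files that pass it.
                if os.path.getsize(path) == size and md5_of(path) == md5:
                    hits.append((path, "md5"))
                elif fname.lower() == name:
                    # Same dropper name, different content: needs a closer look.
                    hits.append((path, "name-only"))
            except OSError:
                continue  # unreadable or vanished file; skip it
    return sorted(hits)


if __name__ == "__main__":
    # Assumed starting point: the current user's Downloads folder.
    for path, reason in scan(os.path.expanduser("~/Downloads")):
        print(f"{reason}\t{path}")
```

A "name-only" hit is not a confirmed detection; it marks a file to submit to an anti-malware scanner.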