BlackEnergy


Posted: July 4, 2014

BlackEnergy is a family of rootkits and backdoor Trojans whose capabilities can be extended through optional plug-in modules. Although BlackEnergy is more than half a decade old, it has gone through several significant updates since its introduction, and its operators currently appear to be conducting targeted attacks against Eastern European governments. Malware researchers assess that these attacks are aimed at collecting data, but BlackEnergy can also be put to other uses, and removing it with suitable anti-malware tools is necessary for the safety of any infected computer.

When Threat Authors Direct Their Energies to E-mail Attacks

Malware experts see BlackEnergy Trojans in variants that may include or omit the rootkit functions (such as injecting a malicious DLL into Svchost.exe) but always incorporate backdoor capabilities. The backdoor establishes network connections that allow third parties to receive data uploaded from the PC by BlackEnergy, install other threats, or issue system commands. BlackEnergy is well known for its use in DDoS attacks, spam campaigns and the theft of bank account passwords; nonetheless, its height of infamy was its use in the cyber campaigns against the country of Georgia in 2008.

The newest version of BlackEnergy, which appears to have shed most of its rootkit functions, is currently distributed via e-mail attachments. As is usual for this infection method, BlackEnergy is enclosed in a ZIP archive and disguised to look like an ordinary Word document. This new version also includes changes designed for compatibility with Windows 8's security architecture.

Dousing the Energy of Threats

Just as its past has ties to Eastern Europe and to the region's post-Soviet conflicts, BlackEnergy's new version has stayed in Europe, with recent attacks reported in Belgium, the not-so-coincidental home of NATO's headquarters. While BlackEnergy 'kits' are widely available and let anyone construct their own variants of the Trojan, the best-organized BlackEnergy campaigns appear to be the work of a single professional group intent on infiltrating government machines.

During installation, BlackEnergy may also open a harmless decoy document containing a list of common passwords, consistent with the lure posing as a password-related security advisory. Probable targets in the region should continue to follow e-mail security practices, treat unsolicited archives with caution, verify that an attachment really is a document rather than an executable wearing a document icon, and scan suspicious attachments with anti-malware solutions.
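The lure described above (an executable inside a ZIP archive, dressed up as a Word document) is the kind of attachment a mail gateway or incident responder can triage before anyone opens it. The following script is an added example written for this page; it is not code from the page's author or from the BlackEnergy operators, and the specific checks it applies (double extensions, space-padded filenames, and an 'MZ' executable header hiding behind a document extension) are general attachment heuristics, not a description of the exact BlackEnergy sample. The archive it inspects is constructed inline so the script runs offline.

```python
import io
import os
import zipfile

# Extensions Windows will execute even when the file shows a document icon.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a phishing lure typically borrows for its disguise.
DOCUMENT_EXTS = {".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx"}

# Constructed sample name: a document-looking name, padded with spaces so the
# real extension scrolls out of view in Explorer, then ".exe".
PADDED_NAME = "Password Update.doc" + " " * 20 + ".exe"


def looks_like_pe(head: bytes) -> bool:
    """Windows executables start with the 'MZ' DOS stub, whatever the file is named."""
    return head[:2] == b"MZ"


def suspicious_members(zip_bytes: bytes) -> list:
    """Return (member name, [reasons]) for every archive member that looks like
    an executable posing as a document. Members with no findings are omitted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = os.path.basename(info.filename)
            root, ext = os.path.splitext(base)
            ext = ext.lower()
            # Strip the padding before looking for an inner "document" extension.
            inner_ext = os.path.splitext(root.rstrip())[1].lower()
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if inner_ext in DOCUMENT_EXTS:
                    reasons.append("double extension posing as a document")
            if "    " in base:
                reasons.append("padded filename")
            # Only the first two bytes are needed to spot a PE file.
            with zf.open(info) as member:
                head = member.read(2)
            if looks_like_pe(head):
                reasons.append("PE header (MZ)")
                if ext in DOCUMENT_EXTS:
                    reasons.append("PE content under a document extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test archive: a benign RTF decoy, a padded double-extension
    executable, a PE renamed to .docx, and a plain text note."""
    buf = io.BytesIO()
    fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"   # minimal stand-in, not a real binary
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("password_policy.doc", b"{\\rtf1 Common passwords: 123456, password, qwerty}")
        zf.writestr(PADDED_NAME, fake_pe)
        zf.writestr("invoice.docx", fake_pe)
        zf.writestr("readme.txt", b"Please review the attached document.")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_archive()):
        print(f"{name!r}: {', '.join(reasons)}")
```

The content check matters more than the name checks: an attacker controls the filename, but a PE that the recipient is meant to double-click still has to begin with the DOS header, so the two-byte test catches the renamed executable even when the extension looks entirely legitimate.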

Removing BlackEnergy may also require removing additional threats, including the modules it uses to extend its attack features. Any anti-malware scan undertaken to remove BlackEnergy should be as thorough as possible, and removable drives should be scanned as well. Given its frequent use for password theft, malware experts also advise changing any important passwords used on a BlackEnergy-infected machine.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to BlackEnergy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
