
Bublik

Posted: January 30, 2013

Threat Metric

Threat Level: 6/10
Infected PCs: 36
First Seen: January 30, 2013
OS(es) Affected: Windows

Bublik is a general-purpose threat that combines attributes of a worm, a backdoor Trojan and a Trojan downloader. Besides its own attacks, Bublik also benefits from the assistance of Kepsy, a related worm that helps distribute Bublik through instant messengers. Because Bublik is designed to compromise your PC to the highest extent possible, SpywareRemove.com malware experts strongly urge you to use proactive defenses against potential Bublik infections and, whenever necessary, to use reliable anti-malware programs to remove Bublik if you have any reason to think that it has infected your computer. Failure to delete Bublik within an adequate time frame can allow other malware to be installed, confidential information to be leaked or even permanent harm to be done to your PC.

Bublik: Giving You a Fresh Reason for Paranoia About Unfamiliar File Sources

As a worm, Bublik can handle its own distribution by installing itself on any PC that accesses a network-shared folder on a Bublik-infected computer. However, Bublik also uses a second means of transportation: the Kepsy worm, which spams out Skype messages that include links to Bublik installers. While malware analysts have found these attacks to be most prominent in the region of Japan, PCs outside of that country are just as vulnerable to Bublik, which is coded to be compatible with most Windows computers.

Bublik-infected folders will install Bublik automatically as soon as an uninfected PC accesses the location; no file has to be launched manually. Due to this risk, SpywareRemove.com malware researchers encourage any users of potentially Bublik-compromised computers to avoid sharing resources over local networks until the PC has been disinfected by a suitable anti-malware product.

What You're In for After a Skype Chat with Bublik

Bublik infections include, among other features, a backdoor that can be exploited to take control of your computer. Attacks related to this feature of Bublik can include:

  • The download and installation of other malware, particularly spyware programs that steal personal information.
  • External control over your keyboard and/or mouse.
  • Visual surveillance of your screen display.
  • Browser redirect attacks that force undesired sites to load (or block intended sites).
  • Site-crashing DDoS attacks.
  • Non-consensual system reboots.

These attacks may also have side effects, such as poor system performance and instability, caused by Bublik's usage of your system's resources. Finally, Bublik uses several methods to hide itself and protect itself from being deleted. The SpywareRemove.com malware research team considers one of them especially worthy of mention: its ability to imitate the file names of Microsoft Office documents (and then hide the original documents).
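The document-imitation behavior described above can be checked for folder by folder. The following Python is an added example, not SpywareRemove.com's code: it assumes that "imitating" means an executable sharing a document's base name and that "hiding" means the Windows hidden attribute, and the extension lists and function names are illustrative.

```python
import os
import stat
from pathlib import PurePath

# Assumed extension sets; the page does not list the ones Bublik uses.
OFFICE_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def list_entries(directory):
    """Return (name, is_hidden) for every regular file in directory.

    Hidden is the Windows FILE_ATTRIBUTE_HIDDEN bit (assumed hiding method);
    on other platforms st_file_attributes is absent, so nothing reads as hidden.
    """
    entries = []
    with os.scandir(directory) as it:
        for e in it:
            if e.is_file(follow_symlinks=False):
                st = e.stat(follow_symlinks=False)
                attrs = getattr(st, "st_file_attributes", 0)
                entries.append((e.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return entries


def find_masquerades(entries):
    """Return sorted (executable, document, note) for suspicious name pairs.

    Matches both "Budget.exe" next to "Budget.xls" and the double-extension
    form "Budget.xls.exe"; a hidden original is the stronger signal.
    """
    docs = {}  # lower-cased stem or full name -> (document name, hidden)
    for name, hidden in entries:
        p = PurePath(name.lower())
        if p.suffix in OFFICE_EXTS:
            for key in (p.stem, p.name):
                if hidden or key not in docs:
                    docs[key] = (name, hidden)
    findings = []
    for name, _ in entries:
        p = PurePath(name.lower())
        if p.suffix in EXEC_EXTS and p.stem in docs:
            doc, hidden = docs[p.stem]
            note = "original hidden" if hidden else "original visible"
            findings.append((name, doc, note))
    return sorted(findings)
```

On a Windows host, pass `list_entries(path)` for each shared folder to `find_masquerades`; pairs marked "original visible" are weaker signals and are often legitimate.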

Containing Bublik by preventing Bublik from distributing itself through local networks should be thought of as one of the first steps in removing Bublik from your computer. Secondly, SpywareRemove.com malware experts suggest thorough system scans from appropriate anti-malware applications, which hopefully will be able to detect and remove all copies of Bublik.

Technical Details

File System Modifications


The following files were created in the system:



File name: ab71b3cd3c631982cce440e4775c8609
Size: 71.68 KB (71680 bytes)
MD5: ab71b3cd3c631982cce440e4775c8609
Detection count: 65
Group: Malware file
Last Updated: February 25, 2013

File name: 167135943ca718cbbb2cb6e4f0576773
Size: 128 KB (128000 bytes)
MD5: 167135943ca718cbbb2cb6e4f0576773
Detection count: 62
Group: Malware file
Last Updated: February 25, 2013

File name: foto2.exe
Size: 971.76 KB (971760 bytes)
MD5: 355e27b767b35abe58d37bc577987d2f
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 25, 2013

File name: 9ac68f053ceebdf18993a540ce4ac76b.exe
Size: 68.6 KB (68608 bytes)
MD5: 7463812252fe676326e7553af7908d8f
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 25, 2013
