Derusbi
Derusbi is a family of spyware and backdoor Trojans that include numerous features for collecting information related to online accounts. Between 2011 and 2014, Derusbi has been particularly well-used by Axiom, a well-organized hacker organization that some speculate has ties to the government of China. Regardless of its true origins, Derusbi is a high-level threat that gives third parties access to your computer, and you should follow thorough anti-malware protocols for blocking or removing Derusbi from any PC.
A Trojan in the Company of Ghosts and Monsters
Derusbi is a 'sidegrade' Trojan that duplicates many of the features found in related threats, such as the Gh0std RAT, Hydraq and Darkmoon. While using this redundancy to avoid the detection protocols for previously-known threats, Axiom has put Derusbi to work at collecting information from vulnerable PCs. The targets often preferred by Axiom include may include various nations' defense contractors, political activists against the Chinese government and even corporations like Google. Like all 'good' backdoor Trojans, Derusbi may be installed by other Trojans or, itself, install additional threats.
After compromising a PC, with fraudulent e-mail messages and browser-based exploits being its most likely assistants, Derusbi may modify the Registry to let itself launch automatically. Derusbi attacks some relevant security programs by deleting their Registry components automatically, and also may close other programs, when instructed to do so. However, many of Derusbi's other functions are espionage-based.
With respect to collecting information, malware experts see Derusbi transferring account passwords, login names and general system specifications. In a less specific sense, Derusbi also may gather other information by taking screenshots. The programs that may be targeted by Derusbi's data theft attacks include Internet Explorer, Outlook and MSN Messenger.
Getting Your Accounts Back from Chinese Trojans
It's rare for backdoor Trojans to have symptoms that would make their attacks immediately visible, and Derusbi, unfortunately, stays true to this characteristic. However, the third parties most well-known for using Derusbi attacks do have a noted preference for using e-mail attachment-based distribution methods, which you can cripple with both good security software and common sense. Alternative distribution models using compromised websites are not completely unknown, but non-Internet Explorer users should be at lessened risk of encountering these exploits.
Derusbi distributes itself in limited numbers aimed at highly-specific targets within relevant industries and government institutions. Even with this limited degree of distribution, Derusbi shouldn't be taken lightly, with its payloads including features easily capable of compromising crucial information to an extreme degree. Even after deleting Derusbi, you should be certain to change passwords and other security information that make up its most likely targets for transfer into third parties possession.
Derusbi is limited to infecting Windows PCs, but is compatible with Windows 95 up to modern versions of the OS. Despite that, it seems unlikely that Axiom or equally-proficient third parties would ignore other operating systems that come to their attention as potentially fruitful victims.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.