
Win32/Gamarue

Posted: April 12, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 21
First Seen: April 12, 2012
OS(es) Affected: Windows

Gamarue is a backdoor Trojan that allows criminals to have a dangerous level of access to your PC. Gamarue's functions can include installing other malware, changing your system settings and stealing system information that can be exploited in future attacks. SpywareRemove.com malware researchers have seen Gamarue being distributed in multiple ways, but the most recent of Gamarue's attacks appear to use spam e-mail messages that pretend to be booking reservations for high-class European hotels. Recognizing and deleting Gamarue's e-mail spam is the best way to keep your PC safe, but if you do find your computer infected by Gamarue, anti-malware software should be used to delete Gamarue harmlessly.

Gamarue: Reserving Your Place in Line for Malware Attacks

Gamarue, also known as Andromeda, has been known to use varied templates for its e-mail spam and, in some cases, even drive-by-download kits like the Blackhole Exploit Kit. In general, anti-malware programs should be used to analyze any file attachment from a suspicious source and to protect your browser in the event of contact with hostile sites. However, SpywareRemove.com malware experts have been able to identify some of the most current Gamarue attacks, which begin with fake hotel reservations.

These hotel reservations, sent through e-mail, are designed to look as though they're sent by Brenners Park-Hotel and Spa and similar high-class resorts, although the location may be incorrect (current templates list Brenners Park's location, incorrectly, as Austria rather than Germany). However, the biggest clue to the reservation's fraudulence should be the request to open an attached ZIP file, which SpywareRemove.com malware experts have found to be one of the most well-used infection vectors for malware.

Opening the archive will launch a temporary Trojan dropper, BKDR_ANDROM.P, that's designed to install Gamarue and then delete itself to avoid detection. There aren't symptoms associated with Gamarue's presence – not even a visible memory process, since Gamarue injects itself into an unrelated system process.
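The infection chain above starts with a ZIP attachment whose member is really a Windows executable. The following is an added example, not code from the original article or from the malware it describes, of the triage a mail gateway or analyst can run on such an archive before anyone opens it: it flags executable extensions, decoy double extensions such as ".pdf.exe", and members whose content carries the "MZ" header of a Windows PE file regardless of what the name claims. The hotel-reservation archive it inspects is constructed in memory for the demonstration; the file name and the stub contents are assumptions, not indicators taken from the page.

```python
"""Triage an e-mail ZIP attachment for disguised executable payloads.

Added example (not the article's or the malware's own code). The archive
it checks is constructed in memory, so the script runs offline.
"""
import io
import zipfile

# Extensions Windows runs directly when a user double-clicks the file.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".dll",
}

# Extensions a victim expects to see on a "reservation" document.
DECOY_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
    ".jpg", ".png", ".htm", ".html",
}


def suspicious_members(zip_bytes):
    """Return [(member_name, [reasons])] for every risky member of the archive.

    A byte string that is not a ZIP archive at all is reported as one finding,
    because a gateway should not silently pass what it cannot inspect.
    """
    if not zipfile.is_zipfile(io.BytesIO(zip_bytes)):
        return [("<attachment>", ["not a valid ZIP archive"])]

    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]
            exts = ["." + part for part in base.split(".")[1:]]
            reasons = []

            # 1. The real (last) extension is something Windows will execute.
            if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension %s" % exts[-1])

            # 2. A document-looking extension sits in front of the real one.
            if (len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS
                    and exts[-1] in EXECUTABLE_EXTENSIONS):
                reasons.append("double extension disguises executable as %s" % exts[-2])

            # 3. Content check: a Windows PE file starts with the bytes "MZ",
            #    whatever the name says.
            with archive.open(info) as member:
                head = member.read(2)
            if head == b"MZ":
                reasons.append("content is a Windows PE executable (MZ header)")
                if not exts or exts[-1] not in EXECUTABLE_EXTENSIONS:
                    reasons.append("PE content hidden behind a non-executable name")

            if reasons:
                findings.append((info.filename, reasons))
    return findings


def should_quarantine(zip_bytes):
    """Gateway decision: hold the message if any member is suspicious."""
    return bool(suspicious_members(zip_bytes))


def build_constructed_lure():
    """Build a CONSTRUCTED sample archive resembling the reservation lure.

    The executable member is a two-byte MZ header plus filler, not a real
    program; the file names are invented for the demonstration.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Hotel-Reservation-Details.pdf.exe",
                         b"MZ" + b"\x00" * 62 + b"constructed stub, not a real program")
        archive.writestr("readme.txt", b"Thank you for your reservation.")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_lure()
    for name, reasons in suspicious_members(sample):
        print(name)
        for reason in reasons:
            print("  -", reason)
    print("quarantine:", should_quarantine(sample))
```

The content check matters more than the name checks: an attacker controls the file name, but a PE file must begin with "MZ" for Windows to load it, so scanning the first bytes of every member catches renamed payloads that an extension blocklist would miss.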

What's Waiting for You at Your Stay in Gamarue Hotel

Gamarue includes a parcel of standard backdoor Trojan-related features, along with a module-based expansion feature that allows other functions to be added onto Gamarue by its criminal users. While some variants of Gamarue may display features besides the ones noted below, SpywareRemove.com malware analysts warn against the following attacks in particular:

  • Gamarue may establish connections to up to six C&C servers that allow criminals to have access to your PC.
  • System information (such as your operating system type) may be transmitted by Gamarue to the aforementioned C&C servers.
  • Gamarue may download and install other malware.
  • Perhaps most significantly as far as SpywareRemove.com malware experts are concerned, Gamarue has shown capabilities for Registry-altering behavior, which can allow Gamarue to disable other programs or change your security settings in negative ways.

The top victimized countries of Gamarue's last spam e-mail run include Germany, Australia, Singapore and Italy (listed in order of quantity of attacks). However, SpywareRemove.com malware experts note that Gamarue can run on PCs in other regions and is a danger to Windows versions from XP up to Windows 7 – both 32-bit and 64-bit versions.

Because a typical Gamarue infection uses encryption, code injection and other defenses, removing Gamarue should be left to suitably advanced anti-malware programs rather than attempted by hand.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %SystemRoot%\system32\wuauclt.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %SystemRoot%\system32\svchost.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Both paths are those of legitimate Windows components (the Windows Update client and the service host), which is consistent with Gamarue injecting itself into an existing system process. Their presence in %SystemRoot%\system32 is therefore not by itself a sign of infection, and they should not be deleted manually; let anti-malware software examine the processes and the files instead.
