Beendoor: Another Remote Access Trojan
Among the many Remote Access Trojans (RATs) used in cyber crime, Beendoor is one. Malware researchers first registered it in February 2016. It was created and developed by an Advanced Persistent Threat (APT) group based in Pakistan. The Trojan is one of several tools used in a phishing campaign aimed at military facilities and Indian diplomatic envoys. It is mainly spread over the Internet via phishing emails that refer to video feeds, audio records and articles related to political, military and economic topics of India.
| Threat Profile of Beendoor | |
|---|---|
| Type | Remote Access Trojan |
| Discovered On | February 2016 |
| Developed by | APT based in Pakistan |
| Related | ISMAgent, Unacev2.dll Winrar Virus, Win32:KadrBot etc. |
| Removal | Possible; to delete Beendoor easily and completely, use Windows Scanner Tool. |
Beendoor Is Mainly Known To Exploit The CVE-2012-0158 Vulnerability
The creators of Beendoor often sent phishing emails to top-level Indian government sites. The emails included macro-enabled MS Word files, weaponized Word documents, fake Excel sheets, hyperlinked text and more, all meant to lead the victim to corrupt web pages. Beendoor's developers are mainly known to exploit the vulnerability CVE-2012-0158, also known as the MSCOMCTL.OCX RCE Vulnerability. This vulnerability can affect all versions of Microsoft Office, SQL Server, Commerce Server, BizTalk Server, Visual Basic and more. The exploit allows the attackers to create MS Office documents, execute arbitrary code and load web resources.
Beendoor Is Small In Size And Infects PCs Secretly
Beendoor is another harmful remote access Trojan that is very small, only 40 KB in size. The malware is often packed as an XMPP library file that is mainly loaded by a scheduled task after Windows starts up. It may execute on a Windows machine under different names, including wmplayer.exe, word.exe, winupdate.exe and svchost.exe. It supports almost all features of a remote access Trojan; some of its basic features are:
- Permits hackers to download several malicious files to the infected hosts.
- Captures screenshots of the desktop.
- Pulls crucial data from infected systems.
- Alters system, crucial and browser settings.
- Adds and deletes shortcut icons on the desktop, etc.
This malware has thousands of malicious features, so experts strictly advise victims to delete Beendoor from their contaminated machines as soon as possible.
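A triage check for the persistence behaviour described above (a scheduled task that starts Beendoor after Windows start-up under one of the listed process names), as an added example that is not from the original article. It goes beyond the article by comparing each name with its usual install folder; those folders, the `schtasks /query /fo csv /v` column names and trigger strings (English locale), and the sample rows are assumptions constructed for illustration.

```python
import csv, io, ntpath
# Process names the article lists for Beendoor.
LISTED_NAMES = {"wmplayer.exe", "word.exe", "winupdate.exe", "svchost.exe"}
# Assumed legitimate folders (Windows installed on C:). word.exe and
# winupdate.exe are assumed to have no legitimate location on a stock system.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "wmplayer.exe": {r"c:\program files\windows media player",
                     r"c:\program files (x86)\windows media player"},
}
BOOT_TRIGGERS = ("at system start up", "at logon time")

def image_path(command):
    """Return the executable path of a task command line, arguments removed."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def suspicious_tasks(csv_text):
    """Return (task, path, reason) for start-up tasks that use a listed name."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Schedule Type"].lower().startswith(BOOT_TRIGGERS):
            continue
        path = image_path(row["Task To Run"])
        norm = path.lower().replace("%systemroot%", r"c:\windows")
        folder, name = ntpath.split(norm.replace("%windir%", r"c:\windows"))
        if name not in LISTED_NAMES:
            continue
        allowed = EXPECTED_DIRS.get(name)
        if allowed is None:
            hits.append((row["TaskName"], path, "no expected location"))
        elif folder not in allowed:
            hits.append((row["TaskName"], path, "outside expected folder"))
    return hits

# Constructed sample, trimmed to the three columns used above.
SAMPLE = r'''"TaskName","Task To Run","Schedule Type"
"\HostSvc","%SystemRoot%\system32\svchost.exe -k netsvcs","At system start up"
"\XmppUpdate","""C:\Users\Public\Libs\svchost.exe"" -k xmpp","At logon time"
"\OfficeSync","C:\ProgramData\Office\word.exe /q","At system start up"
"\Backup","C:\Tools\backup.exe","At system start up"
'''

if __name__ == "__main__":
    for task, path, reason in suspicious_tasks(SAMPLE):
        print(f"{task}: {path} ({reason})")
```

A hit is a lead for review, not proof of infection: confirm it by checking the file's signature, size and creation time before acting.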