Recently, an unusual malicious file disguised as anti-virus software for DDoS has been found. Analysis has revealed that this file has no function for carrying out DDoS attacks; however, the appearance of a malicious file that uses this kind of social engineering technique can cause additional DDoS-related damage.
2. Spreading path and symptoms of infection
First of all, the recently found malicious file is known to have spread from Korean public web portals and forums; it can also be spread as an e-mail attachment or as a link on SNS.
General users can be lured by its familiar icon. Furthermore, it is known to use the digital signature of "ALYAC". Various variants of it may have been created and spread so far.
As the figure above shows, it copied a familiar icon and even set its company name to "Microsoft Corporation".
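The mismatch described above, between the company name a file claims and the publisher that signed it, can be checked on a Windows PC. The following PowerShell is an added example, not part of the original analysis; the function name, the verdict labels, the first-word matching rule and the scanned folder are assumptions made for illustration.

```powershell
# Added example: compare the company name a file claims in its version
# resource with the publisher that actually signed it (Authenticode).
function Test-PublisherClaim {
    param([Parameter(Mandatory)][string]$Path)

    $claimed = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Lenient match key: first word of the claimed name, e.g. "Microsoft"
    # from "Microsoft Corporation". This is a heuristic, not an exact rule.
    $key = if ($claimed) { ($claimed.Trim() -split '\s+')[0] } else { '' }

    $verdict = if (-not $key) {
        'NoCompanyName'            # nothing is claimed, nothing to compare
    } elseif ($sig.Status -eq 'NotSigned') {
        'ClaimedButUnsigned'       # names a vendor but carries no signature
    } elseif ($sig.Status -ne 'Valid') {
        'SignatureNotValid'        # e.g. HashMismatch or NotTrusted
    } elseif ($signer.IndexOf($key, [System.StringComparison]::OrdinalIgnoreCase) -lt 0) {
        'PublisherMismatch'        # signed, but by someone other than the claimed vendor
    } else {
        'Consistent'
    }

    [pscustomobject]@{
        Path            = $Path
        ClaimedCompany  = $claimed
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = $verdict
    }
}

# Assumed scan location: the current user's Downloads folder.
$scanRoot = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -LiteralPath $scanRoot -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-PublisherClaim -Path $_.FullName } |
    Where-Object { $_.Verdict -notin 'Consistent', 'NoCompanyName' } |
    Format-Table Verdict, ClaimedCompany, Signer, Path -AutoSize
```

A "PublisherMismatch" or "ClaimedButUnsigned" result is a reason to inspect the file further, not proof of malice, since some legitimate software is unsigned or signed under a different company name.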
Upon infection, it creates additional malicious files.
Based on our analysis, this malicious file is expected to steal account information by keylogging. Detailed analysis is in progress.
3. How to prevent
The most important thing is that users keep a sharp eye out to avoid malware.
To use a PC safely against the security threats posed by these malicious attachments, we recommend that general users follow the "Security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment functions with “nProtect AVS” and runs a response system against various security threats.