Excuse Me But Your Backdoor Is Showing….

We all need to download, update and install applications from the internet and consider this part and parcel of normal IT activity. These applications range from updates for StarOffice/MS Office to browser add-ons like Flash and cross-platform readers like Adobe Acrobat Reader.

Take, for instance, the following installation:

Nothing during the installation suggests that anything is amiss, and setup appears to complete smoothly with no problems whatsoever.

In this instance, however, once the installation of this seemingly legitimate application is complete, it drops something far more sinister, as the following image shows (there is very little left to the imagination as to what this little piece of malware is going to do once it is on the computer).

Thankfully, Sophos detects this backdoor proactively as Mal/EncPk-GT, which stops it in its tracks before it gets a chance to start its nefarious activities. Do note that not all such malware is so "kind" as to sit in plain sight: it can also drop other malicious files such as worms, viruses and even rootkits, which make detection all the more difficult.

This is a chilling reminder to take extreme care when downloading and installing software: innocuous-looking installers for legitimate applications can come bundled with malware. This is especially true when the installer is downloaded from an untrusted source or from a website not known to be affiliated with the maker of the software. Where the vendor publishes a checksum for the download or signs the installer, verify it before running the file.
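The two checks this post points at are (a) confirming that a downloaded installer is the one the vendor published, and (b) seeing what an installer actually leaves behind once it has run. The script below is an added example written for this page, not code from Sophos or from the post itself. It verifies a file's SHA-256 against a published digest and takes a before/after snapshot of a directory to list files an installation added or changed. The installer contents, the "vendor-published" digest and the dropped file names (`app.exe`, `svchost32.exe`) are all constructed for the demo; the post does not name the dropped file. A real installer writes far beyond one directory, so in practice you would snapshot the system drive, the user profile and autorun registry keys, or run the installer in a disposable VM.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_installer(path, published_sha256):
    """True only if the file's digest matches the digest the vendor published.

    hmac.compare_digest avoids leaking how many leading characters matched;
    the hex strings are lower-cased first so case differences on the vendor's
    page do not cause a false mismatch.
    """
    return hmac.compare_digest(sha256_file(path).lower(), published_sha256.lower())


def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in root.rglob("*")
        if p.is_file()
    }


def diff_snapshots(before, after):
    """Report files that appeared, changed or disappeared between two snapshots."""
    return {
        "added": sorted(k for k in after if k not in before),
        "modified": sorted(k for k in after if k in before and after[k] != before[k]),
        "removed": sorted(k for k in before if k not in after),
    }


def demo():
    """Run both checks against a constructed install directory and return the findings."""
    # Constructed: stand-in for the digest printed on the vendor's download page.
    # This is SHA-256("abc"), chosen only because the value is well known.
    published = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        installer = root / "setup.exe"          # constructed installer name
        installer.write_bytes(b"abc")           # constructed installer contents

        installer_ok = verify_installer(installer, published)

        # A tampered copy (one byte changed) must be rejected outright.
        tampered = root / "setup_tampered.exe"
        tampered.write_bytes(b"abd")
        tampered_rejected = not verify_installer(tampered, published)

        # Snapshot, "install", snapshot again. The install step is simulated:
        # it writes the expected application binary plus an unexpected extra
        # executable, standing in for the backdoor the post describes.
        before = snapshot(root)
        (root / "app.exe").write_bytes(b"the application itself")
        (root / "svchost32.exe").write_bytes(b"MZ constructed backdoor payload")
        after = snapshot(root)

        return {
            "installer_ok": installer_ok,
            "tampered_rejected": tampered_rejected,
            "changes": diff_snapshots(before, after),
        }


if __name__ == "__main__":
    result = demo()
    print("installer matches published digest:", result["installer_ok"])
    print("tampered copy rejected:", result["tampered_rejected"])
    for kind, files in result["changes"].items():
        print(f"{kind}: {files}")
```

The digest check only proves the file is the one the vendor published; if the vendor's own download page or build was compromised, the published digest will match the trojanised file, which is why the post's advice about trusted sources still matters. The snapshot diff is the cheap, offline way to reproduce what the post's screenshot shows: anything in the `added` list that the application has no business installing deserves a closer look.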