Security researchers warn users of Win32/Bayrob trojan

  • Win32/Bayrob trojan has been intensely targeting users since mid-December 2015
  • Cyber criminals behind the attack seek financial benefits: they look for debit and credit card details, online banking login and password
  • So far attackers have focused mainly on Europe, South Africa, Australia and New Zealand with Germany and Spain being two of the countries most affected 

MUMBAI, India – February 18, 2016 – Following the security alert from ESET, a global security software provider, ESS Distribution, the leading provider of security software, data backup and recovery solutions in India, warns Internet users of a new cyber threat aiming at users’ financial data – Win32/Bayrob Trojan.

Win32/Bayrob has been intensely targeting several countries since the middle of December 2015. The malware is distributed via a malicious attachment in an email that tries to impersonate Amazon. ESET’s Josep Albors detailed the activities of the Bayrob trojan on the official ESET blog:

According to Albors, Win32/Bayrob is distributed using a classic attack vector: for example, as a malicious attachment in an email. In some cases, the emails pretend to be from Amazon (however, the sender’s email address reveals that they do not come from Amazon).

The emails may have a ZIP file attached containing an executable file, which turns out to be malware. If the user runs it, it may take malicious actions on the system while showing an error message to make the victim believe that he or she downloaded a file that cannot be used on the system.

According to ESET researchers, one of the features of Win32/Bayrob is that it can generate various URLs in addition to the one used to contact the remote computer controlled by the attackers. Some of the URLs found by researchers belong to Amazon Japan, which could be related to the fact that the attackers might be using a rented server, belonging to the Amazon Web Services infrastructure, to control and send commands to the infected machines. However, this does not mean that any Amazon server has been compromised; it suggests that the criminals behind this campaign are using (and paying for) an existing web service infrastructure provided by Amazon Japan, Josep Albors notes.

“Although Win32/Bayrob detection was high in Europe but not in Asia, users should be aware of such threats,” Zakir Hussain, Head of ESS Distribution, said. “As a security solution provider we encourage users to pay more attention to what they browse online or download from the Internet or email. Even sophisticated attacks can be recognized and avoided this way.”

According to ESET Virus Radar, a real-time threat-monitoring site, Indian users were not extensively exposed to the Win32/Bayrob threat. The most common threats in India are the Win32/Bundpil worm, the Win32/Sality virus, the LNK/Agent.BZ and LNK/Agent.BS trojans, as well as INF/Autorun, the most common variety of malware using the autorun.inf file as a way to compromise a PC.

Top Threats India January 2016

# # #

About ESS Distribution & ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires.

In India ESET products are exclusively supplied and supported by ESS Distribution Pvt Ltd. The sales of ESET products are executed through the Channel Partners across India. For more information, visit:
