Bkav Corporation has just announced the analysis which showed that malware attacking Vietnam Airlines – the nation's flag air carrier also appeared in many other organizations and businesses. Previously, July 29, Vietnam Airlines website was defaced with image of the hacker group 1937cn, data of more than 400,000 Golden Lotus customers was leaked online. Besides, audio and screen systems at Tan Son Nhat and Noi Bai, two bigest airports in Vietnam, were modified to spread distortions about the East Sea. Right at night of July 29th, in related writing on Vietnam leading cyber security forum WhiteHat.vn, Bkav experts said that to carry out this attack hacker had penetrated deeply into the system, using spyware to monitor and control the administrator's machine.
According to the analysis results of Bkav Malware Research department, malware after breaking into computers will deguise itself as an anti-virus software to hide for a long time without being detected.
Malware frequently connects to C&C server by sending data through domain Name.dcsvn.org (an imitation of the website of the Vietnam Communist Party) in which a name can be customised as per the specific names of organisation or busninesses.
The malware is capable of collecting accounts and passwords, receiving commands from hacker to control victim machine remotely, performing malicious actions such as deleting traces, changing audio files, displaying information on screen system, encrypting data etc. Additionally, malware also has components specialized to manipulate SQL databases.
Mr. Ngo Tuan Anh, Bkav Vice President in charge of Cyber Security, said: "Bkav has tracked spyware network carrying out Advanced Persistent Threat (APT) attacks in Vietnam since mid year 2012. The analysis result shows that malware attacking Vietnam Airlines also appeared in many organizations and businesses including government entities, corporations, banks, institutes and universities. This issue has been repeatedly warned by Bkav."
Currently, Bkav has released a free tool for scanning malware which can be downloaded at: Bkav.com.vn/ScanSpyware. This tool requires no installation. Bkav Endpoint and Bkav Internet Security user will be protected as these software are updated automatically with malicious patterns.