
Backdoor:Win32/Caphaw.D!lnk


First posted on 23 November 2012.
Source: Microsoft

Aliases:

Backdoor:Win32/Caphaw.D!lnk is also known as Troj/LnkDoc-A (Sophos).

Explanation:

Backdoor:Win32/Caphaw.D!lnk is a malicious link created by variants of the Backdoor:Win32/Caphaw family of backdoor trojans, such as Backdoor:Win32/Caphaw.D. These trojans allow backdoor access and control of your computer.

The shortcut link may lure you into inadvertently opening other malware by masquerading as a legitimate file in shared folders on your network.

For example, if the trojan finds the file "Presentation_2012_FINAL.pptx", it hides that file so you cannot see it in Windows Explorer and creates a shortcut file named "Presentation_2012_FINAL.pptx.lnk".

In this way, you may be lured into clicking the shortcut, mistaking it for the original file. The shortcut will launch a copy of the malware variant along with the original file.

Backdoor:Win32/Caphaw.D!lnk may attempt to masquerade as existing Microsoft Office documents on your network that have the following extensions:

  • .DOC
  • .DOCX
  • .PPS
  • .PPSX
  • .PPT
  • .PPTX
  • .XLS
  • .XLSX


It may also masquerade as files that have the following extensions:

  • .BAT
  • .COM
  • .EXE
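
As an added example (not part of the original Microsoft write-up), this Python code checks a folder listing for the pattern described above: a shortcut named after a file with one of the listed extensions, with the original file hidden beside it. The function names, verdict labels and sample listing are constructed for illustration.

```python
import os

# Extensions the page lists as masquerade targets.
TARGET_EXTS = {".doc", ".docx", ".pps", ".ppsx", ".ppt", ".pptx",
               ".xls", ".xlsx", ".bat", ".com", ".exe"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows "hidden" file attribute bit


def list_folder(path):
    """Yield (filename, is_hidden) for files in one folder (Windows attributes)."""
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
            yield entry.name, bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_decoy_shortcuts(entries):
    """Return sorted (shortcut, original_name, verdict) for name.ext.lnk files."""
    entries = list(entries)
    hidden = {name.lower(): is_hidden for name, is_hidden in entries}
    findings = []
    for name, _ in entries:
        stem, ext = os.path.splitext(name)
        if ext.lower() != ".lnk":
            continue
        if os.path.splitext(stem)[1].lower() not in TARGET_EXTS:
            continue  # ordinary shortcut, no masqueraded extension
        state = hidden.get(stem.lower())
        if state is True:
            verdict = "hidden-original"    # matches the behaviour described above
        elif state is False:
            verdict = "visible-original"   # double-extension shortcut, review
        else:
            verdict = "original-missing"   # original moved or deleted, review
        findings.append((name, stem, verdict))
    return sorted(findings)


# Constructed sample listing: (filename, is_hidden)
SAMPLE = [("Presentation_2012_FINAL.pptx", True),
          ("Presentation_2012_FINAL.pptx.lnk", False),
          ("Budget.xlsx", False), ("Budget.xlsx.lnk", False),
          ("setup.exe.lnk", False), ("Notes.lnk", False),
          ("readme.txt.lnk", False)]

if __name__ == "__main__":
    for finding in find_decoy_shortcuts(SAMPLE):
        print(finding)
```

On a Windows host, pass `list_folder(r"\\server\share\folder")` (a placeholder path) to `find_decoy_shortcuts` to check a real shared folder.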




Analysis by Patrik Vicol

Last update 23 November 2012

 
