BEBLOH is spyware that monitors an infected machine, steals sensitive information and sends what it gathers to a remote server. It arrives on a system as a file dropped by other malware or as a file unknowingly downloaded by users visiting malicious sites. It executes the files it downloads, so the malicious routines of those files are also exhibited on the affected system.
It also gathers information and reports it to its servers.
Antispam Pattern
LAYER | DETECTION | PATTERN VERSION | RELEASE DATE |
---|---|---|---|
EXPOSURE | All related email samples | AS1282 | 1/25/2015 |
VSAPI Pattern (Malicious File Detection)
LAYER | DETECTION | PATTERN VERSION | RELEASE DATE |
---|---|---|---|
INFECTION | TSPY_BEBLOH.SMM | OPR 12.409 | 3/17/2016 |
INFECTION | TSPY_BEBLOH.SMM1 | OPR 12.407 | 3/16/2016 |
INFECTION | TSPY_BEBLOH.SMM2 | OPR 12.407 | 3/16/2016 |
INFECTION | Mal_BEBLOH-1 | OPR 12.547 | 05/24/16 |
INFECTION | Mal_BEBLOH-2 | OPR 12.547 | 05/24/16 |
WRS Pattern (Malicious URL and Classification)
LAYER | URL | Score | Blocking Date |
---|---|---|---|
CLEAN-UP | uswmrmsu1fgdmm{blocked}.net | C&C | 3/2/2016 |
CLEAN-UP | espedidasalacarta{blocked}.com/ontv.exe | Disease Vector | 3/10/2016 |
AEGIS Pattern (Behavior Monitoring Pattern)
LAYER | Detection | Pattern Version | Release Date |
---|---|---|---|
DYNAMIC | 1933Q | OPR 1555 | 06/21/16 (Batch 1) |
Network Pattern
LAYER | Detection | Pattern Version | Release Date |
---|---|---|---|
CLEAN-UP | HTTP_BEBLOH_REQUEST-2 | RR 1.10155.00 | 4/13/2016 |
DYNAMIC | | | |
Solution Map - What should customers do?
Major Products | Versions | Virus Pattern | Behavior Monitoring | Web Reputation | DCT Pattern | Antispam Pattern | Network Pattern |
---|---|---|---|---|---|---|---|
OfficeScan | 10.6 and above | Update Pattern via web console | Update Pattern via web console | Enable Web Reputation Service* | Update Pattern via Web console | Not Applicable | Update Pattern via Web console |
Worry Free Business Suite | Standard | Not Applicable | | | | | |
Worry Free Business Suite | Advanced/Messaging | Update Pattern via web console | | | | | |
Worry Free Business Suite | Hosted | | | | | | |
Deep Security | 8.0 and above | Not Applicable | Update Pattern via Web console | Not Applicable | Update Pattern via Web console | | |
ScanMail | SMEX 10 and later | Not Applicable | Update Pattern via Web console | Not Applicable | | | |
ScanMail | SMD 5 and later | | | | | | |
InterScan Messaging | IMSVA 8.0 and above | | | | | | |
InterScan Web | IWSVA 6.0 and later | | | | | | |
Deep Discovery | DDI 3.0 and later | Not Applicable | Update Pattern via web console | | | | |
Deep Discovery | DDAN | | | | | | |
Deep Discovery | DDEI | | | | | | |
Recommendations:
- Recommendations on how to best protect your network using Trend Micro products
- Submitting suspicious or undetected virus for file analysis to Technical Support using Threat Query Assessment
Threat Report