Bladabindi is the name given to a group of malicious programs belonging to the family of Remote Access Tools (RAT). The author has developed three versions of this RAT (VB.NET, VBS and AutoIt) and has released the source code, which has resulted in a large number of programs being derived from Bladabindi. It can be spread in different ways, such as through Facebook's messaging system or through suspicious software (cracks, keygens, cheats for games, etc.). Once installed, it can be used to remotely control a PC or to steal sensitive information.
All these versions of Bladabindi are usually installed with an appealing icon, making it more likely that people will execute the program.
Bladabindi goes out of its way to find different ways to evade anti-virus detection. It also uses an undocumented API to register itself as a critical process on your PC, so if you try to stop it, the whole system will be blocked. No wonder it is so hard to remove once it is active on a computer. Bladabindi also acts as a backdoor. It can:
- Use the webcam to take pictures
- Execute any given file on the PC
- Save a log of all keyboard use
- Take screenshots
- Install plugins
- Perform updates
- Uninstall software
- Restart the PC
As usual, the best protections available against Bladabindi are to have a properly working anti-virus and to be aware of the dangers of browsing the net.
If you think you have been infected with Bladabindi, follow all steps of the guide presented below.