OopsIE- A ThreeDollar malicious Trojan
Trojan | 05/24/2018

OopsIE- The Three Dollar Computer Infection


What is OopsIE Trojan?

OopsIE is a malicious program that seeks backdoor entry into a targeted system or network. Such Trojans rely on innocent-looking attachments or programs and are mainly sent via email. Downloading or opening these attachments triggers execution of the hidden Trojan program.

OopsIE, a vicious Trojan, was deployed by the Iran-linked cyber-espionage group ‘OilRig’. The malware was designed specifically to target Middle Eastern government organizations and financial and educational institutions.

Its sole purpose was to infiltrate the security systems of the targeted organizations in order to gain remote access and transfer or modify sensitive information. However, in each of these attacks the Trojan was delivered to the victim in a different way. Let us look at the attacks in detail.

How is the Trojan injected in the system?

Trojans mainly target information stored on the hard drive. This may be the OS loader or user-specific files, which may go awry once targeted by the Trojan. Cyber criminals use Trojans to destroy OS loaders and to remotely access and steal sensitive user information.

The Trojan was intended to carry out two attacks. The first, on an insurance company in the Middle East, was executed on January 8, 2018. The second was observed a week later, on January 16, 2018, targeting Middle East financial institutions.

Three Dollar Delivery Document: The ThreeDollar document is a malicious email attachment that tricks the user into running a malicious macro, which installs and executes the payload, named OopsIE, on the system. The malicious activity runs behind a decoy image that is displayed to avert the victim's suspicion.

This is the first variant of the OopsIE Trojan, used in the first attack against the insurance company in the Middle East. The Trojan was disguised as a Word document attached to a spam email. Two emails were delivered within a span of 6 minutes to two different addresses with the subject ‘Beirut Insurance Seminar Invitation’. Downloading this malicious attachment paved the way for the Trojan to infiltrate the system and steal user information.

Link in the phishing email: The second attack, against Middle East financial institutions, used a link in the phishing email which, when clicked, delivered the Trojan to the system to carry out malicious activities.

The Malware proliferation mechanism

In order to run on a system, the Trojan first creates a VBScript file and a scheduled task to run itself every three minutes. The OopsIE Trojan communicates with the C&C over HTTP by using the Internet Explorer application object, so that the requests look as if they came from a legitimate browser.
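The persistence pattern described above (a scheduled task that runs a VBScript on a short repeat) can be hunted for in Task Scheduler XML definitions. The following Python check is an added example, not part of the original article or of any vendor tool; the 5-minute threshold is an assumption, and the sample tasks, paths and file names are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
MAX_INTERVAL = 5 * 60  # assumption: treat repeats of 5 minutes or less as short

# Constructed sample tasks (paths and file names are made up for illustration).
TASK_TEMPLATE = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>{repetition}
    <StartBoundary>2024-01-01T09:00:00</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments></Exec></Actions>
</Task>"""
SAMPLE_SUSPICIOUS = TASK_TEMPLATE.format(
    repetition="<Repetition><Interval>PT3M</Interval></Repetition>",
    command="wscript.exe", arguments=r"C:\ProgramData\example\run.vbs")
SAMPLE_BENIGN = TASK_TEMPLATE.format(
    repetition="<Repetition><Interval>P1D</Interval></Repetition>",
    command=r"C:\Program Files\Example\updater.exe", arguments="/check")


def interval_seconds(text):
    """Convert a time-only ISO 8601 duration such as PT3M to seconds (None otherwise)."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", text.strip())
    if not m or not any(m.groups()):
        return None
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds


def vbscript_repeat_findings(task_xml):
    """Return one finding per action that runs a .vbs file in a task with a short repeat."""
    root = ET.fromstring(task_xml)
    repeats = [interval_seconds(e.text or "")
               for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    short = [r for r in repeats if r is not None and r <= MAX_INTERVAL]
    findings = []
    for action in root.iterfind(".//t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"').lower()
        arguments = action.findtext("t:Arguments", "", NS).lower()
        runs_vbs = command.endswith(".vbs") or (
            command.endswith(SCRIPT_HOSTS) and ".vbs" in arguments)
        if short and runs_vbs:
            findings.append({"command": command, "arguments": arguments,
                             "repeat_seconds": min(short)})
    return findings


if __name__ == "__main__":
    for name, xml_text in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, vbscript_repeat_findings(xml_text))
```

A hit is a lead for review rather than proof of infection, since legitimate administrative scripts can also run on short schedules.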

Once injected, the Trojan can run three commands on the infected system: run a command, upload a file, or download a specified file.

Users are therefore advised to be cautious and, if possible, to install a trusted malware tracker to increase the level of system security.

Threat Summary

  1. Name: OopsIE
  2. Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox
  3. Targeted Operating System: Windows
  4. Category: Trojan
  5. Symptoms: OopsIE operates silently in the background to steal sensitive user information from the system. The virus impacts system performance and renders it slow.

Steps to be followed to prohibit the entry of OopsIE Trojan in the system

Step A: Update your system software

Windows 7

  1. Click on the Windows icon present in the bottom left corner of the task bar to open up the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel dialog box.
  3. In the Control Panel dialog box, click on the ‘View by:’ dropdown at the top right corner of the dialog box and select ‘Large Icons’.
  4. Click on the “Windows Update” link.
  5. After Windows Update opens, click “Check for Updates” button.
  6. Once Windows finishes checking for updates, click the “Install now” button.
  7. When the updates have finished installing, restart your computer (if prompted).

Windows 10

  1. Click on the Search Box and type “Update” (you can also press Windows key + Q to bring up the search bar; this shortcut launches the search function on your system). Windows Update Settings should appear in the results list. Click on it to launch the program.
  2. Check the Update Status. If Windows Update says your device is up to date, you have all the updates that are currently available. For more info about updates, click on View installed update history.
  3. Once the system software is updated, click on the Restart Now button to install the updated software.

Step B: Protect your system with Windows Defender

Windows 7

  1. Click on the Windows icon present in the bottom left corner of the task bar to open up the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel dialog box.
  3. In the Control Panel dialog box, click on the ‘View by:’ dropdown at the top right corner of the dialog box and select ‘Large Icons’.
  4. Click on the Windows Defender icon. This will open the windows defender dialog box.
  5. Click on ‘Check for updates now’ button. It will check for Updated definitions before scanning the system.
  6. Once the Defender is updated click on Scan Now button.
  7. This will take some time to scan the system for threats.
  8. Once the scanning is complete and no threats are found you will be notified with a message ‘No unwanted or harmful software detected’ in a Green Bar.
  9. If threats are found, it is recommended that you use an antivirus to keep your system risk free.

Windows 10

  1. Click on the Search Box and type “Defender” (you can also press Windows key + Q to bring up the search bar; this shortcut launches the search function on your system). Windows Defender Settings should appear in the results list. Click on it to launch the program.
  2. In the Defender window, click on the Open Windows Defender Security Center button. This will launch the Windows Defender Security Center window.
  3. Click on the Virus & Threat Protection icon in the Windows Defender Security Center window.
  4. In the Virus and Threat window that appears, click on the Quick scan button. This will scan the system for viruses and other threats.
  5. The system scan will take some time. Once the scanning is complete and no threats are found, you will be notified with a message pop-up at the bottom right corner of the window, ‘No threats were found’.
  6. If threats are found, it is recommended that you use an antivirus to keep your system risk free.

Tips to prevent your computer system from getting infected –

  1. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  2. Keep the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications, as they are a major source of such infections. Such malware programs come bundled with free applications, so the user needs to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular backups of all your data and files, either on an external drive or in the cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security on your PC, such as Avira or Sophos, so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.
