Home / malware Backdoor:Win32/Caphaw.D!lnk
First posted on 23 November 2012.
Source: MicrosoftAliases :
Backdoor:Win32/Caphaw.D!lnk is also known as Troj/LnkDoc-A (Sophos).
Explanation :
Backdoor:Win32/Caphaw.D!lnk is a malicious link created by variants of the Backdoor:Win32/Caphaw family of backdoor trojans, such as Backdoor:Win32/Caphaw.D. These trojans allow backdoor access and control of your computer.
The shortcut link may lure you into inadvertently opening other malware by masquerading as a legitimate file in shared folders on your network.
For example, if the trojan found the file "Presentation_2012_FINAL.pptx", it hides that file so you cannot see it in Windows Explorer and creates a shortcut file with the name "Presentation_2012_FINAL.pptx.lnk".
In this way, you may be lured into clicking the shortcut, mistaking it for the original file. The shortcut will launch a copy of the malware variant along with the original file.
Backdoor:Win32/Caphaw.D!lnk may attempt to masquerade as existing Microsoft Office documents on your network that have the following extensions:
- .DOC
- .DOCX
- .PPS
- .PPSX
- .PPT
- .PPTX
- .XLS
- .XLSX
It may also masquerade as files that have the following extensions:
- .BAT
- .COM
- .EXE
Analysis by Patrik Vicol
Last update 23 November 2012
