Enfal is a backdoor Trojan that’s noted for its participation in the LURID downloader attacks that targeted over half a hundred countries with attempts to compromise PC security and steal information from government and industrial networks. While Enfal isn’t available to the public-at-large, the widespread nature of its attacked, coupled with evidence of its ongoing development, have led SpywareRemove.com malware experts (along with others in the industry) to suspect that Enfal is the product of a well-funded and potentially government-backed team of coders. Enfal uses advanced techniques to avoid detection while turning over the keys to your PC to a remote server, and, as such, should be considered a high-level threat to be deleted with appropriately-specialized anti-malware software.
Enfal: the Bad News that Just Keeps Coming Back
Enfal was first detected as far back as 2004, and, unlike most Trojans of its age, has been under semi-continuous development since that time, with observable alterations in its communication techniques and payload. SpywareRemove.com malware research team has found that Enfal’s distribution e-mail-based strategy has resulted in PCs sixty-one separate countries being infected to date, with prominent targets including the United States, Vietnam, Tibet and former members of the Soviet Union. Fortunately for some and less so for others, Enfal’s attacks appear to be targeted at specific industrial, government and NGO entities, rather than seeded throughout the wild in a manner that would affect personal computers.
E-mail messages that carry Enfal attack tend to do so by including the installer for Enfal as a specially-crafted Word document that exploits vulnerabilities specific to Microsoft Office. This allows TROJ_ARTIEF.JN, which displays itself as a DOC, to install Enfal whilst leaving no obvious symptoms of the attack. SpywareRemove.com malware analysts also note that the accompanying e-mail messages tend to use social engineering techniques to make TROJ_ARTIEF.JN look like a business, government or political information document.
What Opening Enfal’s Word File Can Cost You
Once we set Enfal’s sensational history aside, we can see that Enfal’s functions include the same ones that SpywareRemove.com malware researchers would expect to find from any sophisticated Trojan designed to compromise your PC. Common functions, features and attacks that are included in most variants of Enfal are noted as follows:
- Enfal can injects its own code into normal Windows processes, with a preference for explorer.exe. This allows Enfal to bypass security features and conceal its presence.
- Enfal may be used to download and install other types of hostile software on your computer, such as more-specialized-than-itself types of spyware, Trojans or rootkits.
- Enfal modifies the Registry so that Enfal can launch itself automatically.
- Criminals may use Enfal, through C&C servers, to control your PC’s actions by deleting files, renaming them, moving them or launching them without your permission. Access to your PC can also include access to private information.
Even though Enfal is an exceptionally ancient Trojan, the fact that SpywareRemove.com malware experts have seen new variants of Enfal even in 2012 means that you should be prepared to keep your anti-malware programs updated so that they can identify and delete Enfal, even in cases of the latest versions of the Enfal Trojan.
Enfal Automatic Detection Tool (Recommended)
Is your PC infected with Enfal? To safely & quickly detect Enfal, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Enfal What happens if Enfal does not let you open SpyHunter or blocks the Internet?
Posted: September 20, 2012 | By SpywareRemove
Threat Level: 7/10
Rate this article:
Detection Count: 23