Home Malware Programs Trojans MSUpdater Trojan

MSUpdater Trojan

Posted: February 8, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 97
First Seen: February 4, 2012
OS(es) Affected: Windows

MSUpdater Trojan is a Remote Administration Tool (abbreviated as RAT) that attempts to steal personal information, upload identifying information to remote servers and create vulnerabilities that can be exploited by hackers. Although similar Trojans have been in distribution for years, MSUpdater Trojan was only recently identified in February of 2012 due to a series of mass-mailed e-mail attacks. MSUpdater Trojan e-mail messages may fake being conference invitations, although the MSUpdater Trojan can easily be identified by its presence as a mislabeled file attachment. SpywareRemove.com malware experts recommend that you delete MSUpdater Trojan with appropriate anti-malware software if you've opened such a file attachment or have any other reason to believe that MSUpdater Trojan might be on your computer; failure to remove MSUpdater Trojan appropriately may result in loss of passwords and other types of sensitive information, in addition to serve as an invitation for hackers to exert control over your PC.

A Tempting Invitation for Your Computer's Doom

As of early February 2012, MSUpdater Trojan has been noted for using e-mail-based attacks to propagate throughout the web; these attacks, like many other Trojan attacks, use PDF file attachments that must be downloaded and opened before the attack can trigger. Being cautious around links and file attachments from unusual sources is the easiest way to avoid a MSUpdater Trojan infection, although once MSUpdater Trojan has been installed, using anti-malware software should be considered the best way to remedy the situation. Current templates for MSUpdater Trojan e-mail messages use the lure of a fake conference for government-associated institutions, with the claim that the recipient's invitation is enclosed in the attached PDF.

The PDF file format is, in fact, central to MSUpdater Trojan's installation, since SpywareRemove.com malware researchers have noted that this file uses Adobe Reader-specific exploits to deliver MSUpdater Trojan. Although these exploits have been patched by Adobe not just once, but multiple times, MSUpdater Trojan's criminal coders have updated the exploit to a fresh zero-day vulnerability after every patch. Hence, although patching your software can help to protect against outdated MSUpdater Trojan attacks, the only defense against a brand-new MSUpdater Trojan attack is to have appropriate security software or to prevent Adobe Reader from being installed on your computer at all. Current exploits trick anti-malware software into treating the MSUpdater Trojan as a normal Windows update, hence the Trojan's name.

The Conference That Takes Everything That Your PC Can Give It

As both a Trojan and a RAT, MSUpdater Trojan uses an outside server to receive its instructions for future attacks and may also use this server to upload stolen information or to download other PC threats. As long as MSUpdater Trojan is on your PC, you should assume that backdoor vulnerabilities are in place that would allow hackers to control your computer, and SpywareRemove.com malware experts recommend that you treat MSUpdater Trojan as a high-level threat until MSUpdater Trojan is removed. MSUpdater Trojan has also been noted to scan for specific files that are likely to contain sensitive information, and you may wish to change passwords and other types of personal credentials after you've deleted the MSUpdater Trojan infection.

MSUpdater Trojan and closely related PC threats may also be identified by a range of different names, depending on the version of MSUpdater Trojan that's involved and the type of anti-malware product that you use to find MSUpdater Trojan. Examples of MSUpdater Trojan's aliases and commonly accompanying Trojans include Trojan.Win32.Scar.cpkp, Backdoor:Win32/Isnup.B, Win-Trojan/Injector.17920.AZ, Mal/Ovoxual-A, Mal/Ovoxual-B, Voronezh.1600.A, Troj/Otlard-A and Trojan-Downloader.Win32.Small.apou.

Related Posts

Loading...