TROJ_ARTIEF.JN
Posted: September 20, 2012
Threat Metric
The fields listed on the Threat Meter that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level: | 9/10 |
| Infected PCs: | 2 |
| First Seen: | September 20, 2012 |
| OS(es) Affected: | Windows |
TROJ_ARTIEF.JN is a malicious Word document that's designed to install a recent variant of the Enfal Trojan. TROJ_ARTIEF.JN is distributed through e-mail messages that are crafted to look like messages regarding relevant political issues or business/government agendas, with TROJ_ARTIEF.JN included as a seemingly innocent DOC file attachment. Victims who open TROJ_ARTIEF.JN will find their PCs infected by Enfal without any symptoms of the attack, and Enfal will continue its assault by enabling its automatic startup, coupled with a code-injection-based means of hiding itself. Because all variants of Enfal are advanced threats to your computer's safety, the SpywareRemove.com malware research team recommends deleting TROJ_ARTIEF.JN e-mail messages whenever you see them or, if necessary, using anti-malware software to scan file attachments before you open them.
How TROJ_ARTIEF.JN Uses Word Against You
TROJ_ARTIEF.JN, like similar DOC-based Trojan droppers (such as TROJ_ARTIEF.EDX, TROJ_ARTIEF.ZIGS or TROJ_ARTIEF.LIN), uses Microsoft Office exploits to install its payload onto your computer. PCs without Word or PCs that have had Word patched to fix the corresponding vulnerability, identified as CVE-2012-0158, are safe from TROJ_ARTIEF.JN's attack. Because TROJ_ARTIEF.JN is a genuine DOC file, albeit a malicious one, even PC users who have their files set to display full file names and file types will be unable to detect TROJ_ARTIEF.JN's true nature by its name alone.
Templates for TROJ_ARTIEF.JN's e-mail messages tend to use social engineering tactics that are geared towards the specific countries and organizations that are being attacked, as in the case of a recent 'Second Special General Meeting of Tibetans' e-mail. However, SpywareRemove.com malware experts stress that Tibetans aren't the only ones in danger from TROJ_ARTIEF.JN, since similar Enfal attacks have been seen throughout much of the former Soviet Union and even in the United States. If you have the misfortune to fall for this cheap ploy and open TROJ_ARTIEF.JN, TROJ_ARTIEF.JN will install BKDR_MECIV.AF, one of the latest Enfal variants.
The Aftereffects of Opening TROJ_ARTIEF.JN's Little Document
Past variants of the Enfal Trojan installed by TROJ_ARTIEF.JN have been seen attacking a wide range of government agencies, industrial businesses and political activist organizations. With respect to BKDR_MECIV.AF attacks, the countries with the greatest confirmed numbers of infected PCs include Russia, Mongolia and Vietnam (the latter by several orders of magnitude). However, smaller numbers of TROJ_ARTIEF.JN-caused infections have been found in other countries, such as the US and China.
Like all other types of Enfal, TROJ_ARTIEF.JN's payload includes functions that allow criminals to access and, to some extent, control your PC by using a remote attack or C&C server. You shouldn't expect to see any symptoms of BKDR_MECIV.AF's presence, since BKDR_MECIV.AF injects its code into normal Windows processes, launches itself automatically and attempts to avoid obvious visual or anti-malware-based detection. If you fail to delete the TROJ_ARTIEF.JN e-mail that distributes BKDR_MECIV.AF, the SpywareRemove.com malware research team suggests scanning your PC with anti-malware products with a proven history of taking down high-level threats like Enfal.