
TROJ_ARTIEF.JN

Posted: September 20, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 2
First Seen: September 20, 2012
OS(es) Affected: Windows

TROJ_ARTIEF.JN is a malicious Word document designed to install a recent variant of the Enfal Trojan. It is distributed through e-mail messages crafted to look like messages about relevant political issues or business/government agendas, with TROJ_ARTIEF.JN included as a seemingly innocent DOC file attachment. Victims who open TROJ_ARTIEF.JN will find their PCs infected by Enfal without any symptoms of the attack, and Enfal then enables its own automatic startup and hides itself by means of code injection. Because all variants of Enfal are advanced threats to your computer's safety, the SpywareRemove.com malware research team recommends deleting TROJ_ARTIEF.JN e-mail messages whenever you see them or, if necessary, using anti-malware software to scan file attachments before you open them.

How TROJ_ARTIEF.JN Uses Word Against You

TROJ_ARTIEF.JN, like similar DOC-based Trojan droppers (such as TROJ_ARTIEF.EDX, TROJ_ARTIEF.ZIGS or TROJ_ARTIEF.LIN), uses Microsoft Office exploits to install its payload onto your computer. PCs without Word, or PCs that have had Word patched to fix the corresponding vulnerability, identified as CVE-2012-0158, are safe from TROJ_ARTIEF.JN's attack. Because TROJ_ARTIEF.JN is a genuine DOC file, albeit a malicious one, even PC users who have their files set to display full file names and file types will be unable to detect TROJ_ARTIEF.JN's true nature by its name alone.

Templates for TROJ_ARTIEF.JN's e-mail messages tend to use social engineering tactics that are geared towards the specific countries and organizations that are being attacked, as in the case of a recent 'Second Special General Meeting of Tibetans' e-mail. However, SpywareRemove.com malware experts stress that Tibetans aren't the only ones in danger from TROJ_ARTIEF.JN, since similar Enfal attacks have been seen throughout much of the former Soviet Union and even in the United States. If you have the misfortune to fall for this cheap ploy and open TROJ_ARTIEF.JN, TROJ_ARTIEF.JN will install BKDR_MECIV.AF, one of the latest Enfal variants.

The Aftereffects of Opening TROJ_ARTIEF.JN's Little Document

Past variants of the Enfal Trojan, the family that TROJ_ARTIEF.JN installs, have been seen attacking a wide range of government agencies, industrial businesses and political activist organizations. With respect to BKDR_MECIV.AF attacks, the countries with the greatest confirmed numbers of infected PCs include Russia, Mongolia and Vietnam (the latter by several orders of magnitude). However, smaller numbers of TROJ_ARTIEF.JN-caused infections have been found in other countries, such as the US and China.

Like all other types of Enfal, TROJ_ARTIEF.JN's payload includes functions that allow criminals to access and, to some extent, control your PC by using a remote attack or C&C server. You shouldn't expect to see any symptoms of BKDR_MECIV.AF's presence, since BKDR_MECIV.AF injects its code into normal Windows processes, launches itself automatically and attempts to avoid obvious visual or anti-malware-based detection. If you fail to delete the TROJ_ARTIEF.JN e-mail that distributes BKDR_MECIV.AF, the SpywareRemove.com malware research team suggests scanning your PC with anti-malware products with a proven history of taking down high-level threats like Enfal.
