
Wigon.PH_44

Posted: January 23, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 30
First Seen: January 23, 2014
Last Seen: May 16, 2021
OS(es) Affected: Windows


Wigon.PH_44 is a newly found addition to the Cutwail family of spambot Trojans. Besides sharing many functions and structural details with other Cutwail Trojans, Wigon.PH_44 has some notable traits of its own, such as generating excessive network traffic to disguise its primary spambot attacks. Since Wigon.PH_44 includes Tepfer-based spyware components and may install additional kinds of threats, malware researchers consider it particularly urgent to uncover and remove Wigon.PH_44 with as little time wasted as possible. Wigon.PH_44's attacks are capable of causing significant symptoms, but aren't guaranteed to do so, and removing Wigon.PH_44 without specialized anti-malware tools is discouraged for the sake of your PC.

Wigon.PH_44: a New Cutwail with a Wig On

Although it took some time to confirm this, Wigon.PH_44 isn't an independent Trojan but an update to previous versions of Cutwail, whose installation is often handled through the Pushdo Trojan. Malware researchers have confirmed the use of misleading tactics for installing Wigon.PH_44. These tactics proliferate through criminal websites and hacked websites, which use Flash, Java and other vulnerable platforms to install threats automatically. After its installation, the Wigon.PH_44 Trojan's body includes three primary components:

  • An initial memory process (a basic Windows component, svchost.exe, which Wigon.PH_44 launches and then corrupts to include its attacks) generates network activity that appears to be a simple decoy or misdirection technique, meant to distract users and security software from its other functions.
  • A second component, injected into svchost.exe processes in a similar way, is a variant of Tepfer, a form of spyware that malware experts have examined previously. Tepfer appears to be run temporarily, instead of as a permanent fixture, and may attempt to steal information from any accessible Web browsers, e-mail clients or popular FTP management programs. Passwords and other confidential information may be compromised.
  • Last of all, Wigon.PH_44 includes a third component, which is responsible for the bulk of Cutwail-related activities. The Cutwail family is particularly associated with e-mail spam, and this final module is the one that generates these messages, which may distribute threats or links to profitable advertising content.

Stopping Your PC from Wigging out About Wigon.PH_44

As of January 2014, Wigon.PH_44 enjoys its greatest saturation in the United States, but malware researchers and other industry experts have confirmed smaller numbers of incidents in other nations. Symptoms of Wigon.PH_44 infections may be limited to the presence of additional svchost.exe memory processes, ranging from three to five processes, which can be viewed from Task Manager. However, because svchost.exe isn't inherently threatening, you shouldn't assume that its presence automatically indicates Wigon.PH_44 or another threat.
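Since a count of svchost.exe processes proves nothing by itself, the triage sketch below (an added example, not part of the original article) checks each svchost.exe entry in a process snapshot for a parent other than services.exe or an unexpected image path. The C:\Windows root, the dictionary field names and the sample snapshot are assumptions; these are general Windows heuristics, not Wigon.PH_44-specific indicators.

```python
import ntpath

# Assumption: Windows is installed under C:\Windows (the default %SystemRoot%).
EXPECTED_PATHS = {
    ntpath.normcase(r"C:\Windows\System32\svchost.exe"),
    ntpath.normcase(r"C:\Windows\SysWOW64\svchost.exe"),
}

def triage_svchost(processes):
    """Return {pid: [reasons]} for svchost.exe entries that break the usual pattern.

    Each process is a dict with the (hypothetical) keys pid, ppid, name, path,
    e.g. exported from a process listing tool.
    """
    by_pid = {p["pid"]: p for p in processes}
    findings = {}
    for proc in processes:
        if proc["name"].lower() != "svchost.exe":
            continue
        reasons = []
        parent = by_pid.get(proc["ppid"])
        # Legitimate svchost.exe instances are started by services.exe.
        if parent is None:
            reasons.append("parent process no longer exists")
        elif parent["name"].lower() != "services.exe":
            reasons.append("parent is " + parent["name"] + ", not services.exe")
        # The real binary lives in the system directory; compare case-insensitively.
        if ntpath.normcase(proc["path"]) not in EXPECTED_PATHS:
            reasons.append("unexpected image path: " + proc["path"])
        if reasons:
            findings[proc["pid"]] = reasons
    return findings

# Constructed sample snapshot for illustration only (not real telemetry).
SAMPLE = [
    {"pid": 600, "ppid": 500, "name": "services.exe", "path": r"C:\Windows\System32\services.exe"},
    {"pid": 812, "ppid": 600, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 900, "ppid": 600, "name": "svchost.exe", "path": r"c:\windows\system32\SVCHOST.EXE"},
    {"pid": 4120, "ppid": 3100, "name": "invoice_viewer.exe", "path": r"C:\Users\Public\invoice_viewer.exe"},
    # Genuine image path, but started by something other than services.exe.
    {"pid": 4188, "ppid": 4120, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe"},
    # Look-alike binary outside the system directory whose parent has exited.
    {"pid": 4256, "ppid": 9999, "name": "svchost.exe", "path": r"C:\Users\Public\svchost.exe"},
]

if __name__ == "__main__":
    for pid, reasons in sorted(triage_svchost(SAMPLE).items()):
        print(pid, "; ".join(reasons))
```

A flagged entry is a lead for a full anti-malware scan, not proof of infection, and a clean result does not rule out code injected into a service-hosted svchost.exe.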

All traditional Web-browsing security tips are relevant for blocking the attacks responsible for Wigon.PH_44's installation, and e-mail security also is useful for avoiding the consequences of opening Wigon.PH_44's spam messages. If you believe that your PC could be compromised by Wigon.PH_44, malware analysts would suggest booting in Safe Mode and using anti-malware software to remove Wigon.PH_44 immediately, for the quickest means of disinfection possible.
