HIPS/RegMod-012
Posted: May 30, 2012
Threat Metric
The fields shown on the Threat Meter, each carrying a specific value, are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest severity and 1 the lowest. Each level reflects the threat's behaviors as consistently assessed by SpyHunter's risk assessment model.
Detection Count: The total number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs reported in the diagnostic and scan logs generated by SpyHunter.
Volume Count: Similar to the detection count, but based specifically on the number of confirmed and suspected infections observed per day. A high volume count usually indicates a currently popular threat, which may or may not have infected a large number of systems overall; a threat with a high detection count can lie dormant and show a low volume count. The Volume Count criterion is therefore relative to the daily detection count.
Trend Path: The Trend Path uses an up arrow, a down arrow or an equals symbol to show the recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline and the equals symbol represents no change in the threat's recent movement.
% Impact (Last 7 Days): The change over a 7-day period in how often a malware threat is found infecting PCs. The percentage impact corresponds directly to the current Trend Path, which determines whether the percentage represents a rise or a decline.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 54 |
| First Seen: | May 30, 2012 |
| OS(es) Affected: | Windows |
HIPS/RegMod-012 is a spyware-compromised version of Simurgh, an application widely used in the Middle East to protect sensitive online communications. The infected build of Simurgh shows telltale signs that identify HIPS/RegMod-012 immediately (described below), but the irony of a privacy tool being turned into spyware weighs most heavily on Simurgh users in Iran and Syria, who rely on the application to protect communications that could be read as criticism of their governments. Like all spyware, HIPS/RegMod-012 should be removed with a suitable anti-malware product as soon as it is discovered, and SpywareRemove.com malware analysts especially recommend avoiding any Simurgh installation files obtained from disreputable sources (such as P2P torrent clients or websites with a history of distributing malicious software).
HIPS/RegMod-012: an Ironic Spy That Hides in a Privacy-Enhancing Application
HIPS/RegMod-012 is a particular danger to Syrian PC users because of its widespread distribution in that region, although it is perfectly capable of attacking Windows computers elsewhere. Legitimate versions of Simurgh (available from the appropriate website) deliberately avoid an installation process so that the program can be run easily in Internet cafes and similar venues; HIPS/RegMod-012-infected versions of Simurgh do run an installer, which makes them recognizable as soon as the .exe file is launched. Compromised copies of Simurgh carrying HIPS/RegMod-012 are typically distributed as .zip files that contain the executable, rather than as the bare .exe file itself.
SpywareRemove.com malware researchers also note that Simurgh's development team has provided a second warning against HIPS/RegMod-012. Both infected and clean versions of Simurgh open a web page that displays the user's IP address, but an HIPS/RegMod-012-infected copy of Simurgh shows an additional line in red text: 'Warning: Your Simurgh might be compromised'. Watching for either of these two symptoms should let you catch HIPS/RegMod-012 before it accomplishes its goals, which are to open a backdoor on your PC and to steal personal information by a variety of means.
The Danger of HIPS/RegMod-012 at a Personal Level
HIPS/RegMod-012 may not have the grand industrial-sabotage ambitions that the Flamer worm appears to pursue, but for ordinary Simurgh users its aims are scarcely less damaging than a wiped scientist's hard drive. Because HIPS/RegMod-012 combines backdoor Trojan and spyware capabilities, SpywareRemove.com malware experts warn that any HIPS/RegMod-012 infection may involve any or all of the following:
- The opening of a backdoor that lets a remote server take control of your PC. The same access can be used to install other PC threats or to transfer sensitive information off the machine.
- The presence of a fake lsass.exe file (lsass.exe is normally a Windows component, the Local Security Authority Subsystem Service, which runs only from the System32 directory) that allows HIPS/RegMod-012 to stay running at all times.
- Sound-related malfunctions; SpywareRemove.com malware researchers have found that HIPS/RegMod-012 deletes a Windows startup .wav file that is shared by several programs, including Internet Explorer.
- Multiple methods of stealing personal information, including keylogging that records all keyboard input to a file, which is then sent to the remote server noted above.
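The fake lsass.exe described above is the one indicator in this list that an administrator can check mechanically: the genuine lsass.exe runs exactly once, from %SystemRoot%\System32, and is started by winlogon.exe (Windows XP) or wininit.exe (Vista and later). The script below is an added example, not code from the original article or from Simurgh's developers; it assumes the process listing is a CSV in the shape produced by PowerShell's `Get-CimInstance Win32_Process | Select-Object ProcessId,ParentProcessId,Name,ExecutablePath | Export-Csv -NoTypeInformation`, that %SystemRoot% is C:\Windows, and the sample listing embedded in it is constructed for illustration.

```python
"""Check a Windows process listing for lsass.exe impostors.

Added example: this is not code from the original article nor from
Simurgh's developers. It assumes the listing is a CSV in the shape
produced by
    Get-CimInstance Win32_Process |
        Select-Object ProcessId,ParentProcessId,Name,ExecutablePath |
        Export-Csv -NoTypeInformation procs.csv
The SAMPLE_LISTING below is constructed for illustration.
"""
import csv
import io
import ntpath

# Assumption: %SystemRoot% is C:\Windows (read it from the environment on a live host).
SYSTEM_ROOT = r"C:\Windows"
GENUINE_LSASS = ntpath.join(SYSTEM_ROOT, "System32", "lsass.exe").lower()
# The real lsass.exe is launched by winlogon.exe on Windows XP and by
# wininit.exe on Vista and later; any other parent is suspicious.
EXPECTED_PARENTS = {"winlogon.exe", "wininit.exe"}

# Constructed sample: one genuine lsass.exe plus one run from a user profile.
SAMPLE_LISTING = """\
"ProcessId","ParentProcessId","Name","ExecutablePath"
"4","0","System",""
"468","4","smss.exe","C:\\Windows\\System32\\smss.exe"
"516","468","wininit.exe","C:\\Windows\\System32\\wininit.exe"
"620","516","lsass.exe","C:\\Windows\\System32\\lsass.exe"
"2308","1980","explorer.exe","C:\\Windows\\explorer.exe"
"3112","2308","lsass.exe","C:\\Users\\user\\AppData\\Roaming\\lsass.exe"
"""


def parse_listing(text):
    """Return {pid: row} from Export-Csv output; tolerates a leading #TYPE line."""
    body = "\n".join(line for line in text.splitlines() if not line.startswith("#TYPE"))
    return {int(row["ProcessId"]): row for row in csv.DictReader(io.StringIO(body))}


def find_lsass_impostors(text):
    """Return a list of {"pid": int or None, "reasons": [str]} findings.

    A finding with pid None reports a wrong number of lsass.exe instances.
    """
    procs = parse_listing(text)
    lsass = [p for p in procs.values() if p["Name"].lower() == "lsass.exe"]
    findings = []
    for p in lsass:
        reasons = []
        path = p["ExecutablePath"] or ""
        if path.lower() != GENUINE_LSASS:
            reasons.append(f"unexpected image path: {path or '<none>'}")
        parent = procs.get(int(p["ParentProcessId"] or 0))
        parent_name = parent["Name"].lower() if parent else "<not in listing>"
        if parent_name not in EXPECTED_PARENTS:
            reasons.append(f"unexpected parent: {parent_name}")
        if reasons:
            findings.append({"pid": int(p["ProcessId"]), "reasons": reasons})
    if len(lsass) != 1:
        findings.append({"pid": None,
                         "reasons": [f"{len(lsass)} lsass.exe instances; Windows runs exactly one"]})
    return findings


if __name__ == "__main__":
    for finding in find_lsass_impostors(SAMPLE_LISTING):
        print(finding["pid"], "; ".join(finding["reasons"]))
```

On the constructed sample the genuine lsass.exe (PID 620) passes and the copy under AppData\Roaming (PID 3112) is flagged twice, for its path and for its explorer.exe parent, with a third finding noting that two lsass.exe instances exist. Treat the result as a triage signal rather than proof: malware can spoof its parent process, and a listing taken from a compromised host may itself be tampered with, so confirm with an offline scan.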