
BKDR_SIMBOT.SMC

Posted: May 13, 2014

Threat Metric

Threat Level: 8/10
Infected PCs: 14
First Seen: May 13, 2014
Last Seen: February 18, 2021
OS(es) Affected: Windows


BKDR_SIMBOT.SMC is a backdoor Trojan most recently seen in attacks against certain branches of the Taiwanese government. All known infection vectors rely on e-mail delivery, with a Trojan dropper, TROJ_ARTIEF.ZTBD-R, hidden inside attached files. Since BKDR_SIMBOT.SMC includes general backdoor functions that can compromise a PC's security in a wide range of ways, malware researchers recommend detecting and deleting BKDR_SIMBOT.SMC with anti-malware utilities in any case of suspected infection.

The Trojan Injection that Starts with a Poll

BKDR_SIMBOT.SMC is one of many different attacks from the Taidoor campaign, which dates back to 2009 and has used both social engineering tactics and targeted delivery methods to distribute a variety of security-negating Trojans. Typical for Taidoor, BKDR_SIMBOT.SMC's distribution can be traced back to e-mail messages sent to Taiwan-based state employees. These e-mails referenced a regional poll to pass as plausible communications, and included file attachments carrying the Trojan dropper TROJ_ARTIEF.ZTBD-R.

TROJ_ARTIEF.ZTBD-R exploits a vulnerability that Microsoft has since patched in order to launch other threats, including TROJ_SIMBOTENC.ZTBD-R and TROJ_SIMBOTLDR.ZTBD-R. The eventual payload is BKDR_SIMBOT.SMC, which is injected into other running processes by yet another PC threat, BKDR_SIMBOT.SMAZ.

The attack capabilities of BKDR_SIMBOT.SMC may include:

  • BKDR_SIMBOT.SMC may contact multiple Web domains to receive instructions for further attacks. Commands that BKDR_SIMBOT.SMC Trojans may execute include deleting files, modifying Windows settings, uploading collected information and launching other threats.
  • BKDR_SIMBOT.SMC also may use its Web connection to download and then launch new threats.
  • The compromised PC's MAC address also may be sent automatically to the relevant C&C domains. Such an attack may indicate a potential for future attacks against the local network infrastructure.
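As an added illustration of the MAC-address exfiltration and multi-domain C&C contact described above (example code written for this page, not from the original article or its sources), the following defender-side sweep runs over constructed proxy log lines in an assumed "<timestamp> <src_ip> <method> <url> <status>" format and flags outbound requests carrying a MAC address, plus any internal host that sent one to several distinct destinations.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed outbound proxy log lines (assumed format, not taken from the
# original page): "<timestamp> <src_ip> <method> <url> <status>".
SAMPLE_LOG = """\
2014-05-13T09:01:12Z 10.0.0.21 GET http://intranet.example.local/news 200
2014-05-13T09:02:44Z 10.0.0.21 POST http://cdn-update.example.net/u.php?id=00-1A-2B-3C-4D-5E 200
2014-05-13T09:03:01Z 10.0.0.37 GET http://www.example.org/ 200
2014-05-13T09:04:09Z 10.0.0.21 GET http://files-sync.example.org/p?m=001a2b3c4d5e 200
2014-05-13T09:05:30Z 10.0.0.42 POST http://mail.example.com/login 302
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
HEX = "[0-9A-Fa-f]"
# Delimited (00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e) or bare 12-hex-digit MAC;
# the lookarounds prevent a match inside longer hex strings such as hashes.
MAC_RE = re.compile(
    rf"(?<!{HEX})(?:(?:{HEX}{{2}}[:-]){{5}}{HEX}{{2}}|{HEX}{{12}})(?!{HEX})"
)

def normalize_mac(raw):
    """Canonical lower-case, colon-separated form so variants compare equal."""
    digits = re.sub(r"[:-]", "", raw).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_mac_exfil(log_text):
    """Return (src_ip, dest_host, mac) for each request whose URL carries a MAC."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        _ts, src, _method, url, _status = m.groups()
        found = MAC_RE.search(url)
        if found:
            hits.append((src, urlparse(url).hostname, normalize_mac(found.group(0))))
    return hits

def hosts_beaconing_to_multiple_domains(hits, min_domains=2):
    """Internal hosts that sent a MAC to at least min_domains distinct destinations."""
    by_src = defaultdict(set)
    for src, host, _mac in hits:
        by_src[src].add(host)
    return {s: sorted(h) for s, h in by_src.items() if len(h) >= min_domains}

if __name__ == "__main__":
    hits = find_mac_exfil(SAMPLE_LOG)
    for hit in hits:
        print("MAC in outbound request:", hit)
    print("hosts reporting to multiple domains:", hosts_beaconing_to_multiple_domains(hits))
```

A bare 12-hex-digit match can also be an ordinary token, so treat the delimited form as the stronger signal and review bare matches against the destination's reputation before acting.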

Closing the Door on Another Case of a Taidoor Trojan

BKDR_SIMBOT.SMC is not necessarily original, but originality clearly is unnecessary for a successful Trojan attack – against the Taiwanese government or many similar organizations. Since BKDR_SIMBOT.SMC's delivery method relies on an exploit for an already-patched vulnerability, the value of keeping your Microsoft software patched cannot be overstated. Whether you choose to patch your software or not, malware researchers recommend that potential targets of Taidoor scan any e-mail file attachments that show the traditional traits of social engineering.

BKDR_SIMBOT.SMC injects itself into default Windows processes that are always running, and may display few signs of unusual behavior. Disabling BKDR_SIMBOT.SMC with Safe Mode or other security methods may be necessary before removing BKDR_SIMBOT.SMC with proper anti-malware tools becomes practical. All related threats, such as BKDR_SIMBOT.SMAZ, TROJ_SIMBOTLDR.ZTBD-R, TROJ_SIMBOTENC.ZTBD-R and TROJ_ARTIEF.ZTBD-R, should be removed at the same time.

If not removed, BKDR_SIMBOT.SMC is capable of many of the same attacks as other backdoor Trojans, and may allow criminals to modify your computer drastically, collect data or install other applications with specialized attack functions.
