BKDR_SIMBOT.SMC
Posted: May 13, 2014
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 14 |
| First Seen: | May 13, 2014 |
| Last Seen: | February 18, 2021 |
| OS(es) Affected: | Windows |
BKDR_SIMBOT.SMC is a backdoor Trojan most recently seen in attacks against certain branches of the Taiwanese government. All known infection vectors use email-based transmission methods, along with a Trojan dropper, TROJ_ARTIEF.ZTBD-R, hidden inside attached files. Because BKDR_SIMBOT.SMC includes general backdoor functions that can broadly compromise a PC's security, malware researchers recommend detecting and deleting BKDR_SIMBOT.SMC with anti-malware utilities in any case of suspected infection.
The Trojan Injection that Starts with a Poll
BKDR_SIMBOT.SMC is one of many different attacks from the 2009-dated Taidoor campaign, which has used both social engineering tactics and targeted delivery methods to distribute a variety of security-compromising Trojans. As is typical for Taidoor, BKDR_SIMBOT.SMC's distribution can be traced back to e-mail messages sent to Taiwan-based state employees. These e-mails referenced a regional poll to disguise themselves as plausible communications, and included file attachments carrying the Trojan dropper TROJ_ARTIEF.ZTBD-R.
TROJ_ARTIEF.ZTBD-R uses an old vulnerability (now patched by Microsoft) to launch other threats, including TROJ_SIMBOTENC.ZTBD-R and TROJ_SIMBOTLDR.ZTBD-R. The eventual payload delivered is BKDR_SIMBOT.SMC, which is injected into the memory of other processes by yet another PC threat, BKDR_SIMBOT.SMAZ.
The attack capabilities of BKDR_SIMBOT.SMC may include:
- BKDR_SIMBOT.SMC may contact multiple Web domains for the purpose of receiving instructions on further attacks. Examples of commands that BKDR_SIMBOT.SMC Trojans may execute include deleting files, modifying the Windows settings, uploading collected information or launching other threats.
- BKDR_SIMBOT.SMC also may use its Web connection to download and then launch new threats.
- The compromised PC's MAC address also may be automatically sent to the relevant C&C domains. Such an attack may indicate a potential for future attacks against the local network infrastructure.
Closing the Door on Another Case of a Taidoor Trojan
BKDR_SIMBOT.SMC is not necessarily original, but originality clearly is unnecessary for a successful Trojan attack, whether against the Taiwanese government or many similar organizations. Since BKDR_SIMBOT.SMC's delivery method relies on an exploit for an already-patched vulnerability, the usefulness of patching your Microsoft software cannot be overstated. Whether you choose to patch your software or not, malware researchers recommend that potential targets of Taidoor scan any e-mail file attachments that have the traditional traits of social engineering strategies.
BKDR_SIMBOT.SMC is injected into default Windows processes that are always running, and may display few signs of unusual behavior. Disabling BKDR_SIMBOT.SMC with Safe Mode or other security methods may be necessary before removing it with proper anti-malware tools becomes practical. All related threats, such as BKDR_SIMBOT.SMAZ, TROJ_SIMBOTLDR.ZTBD-R, TROJ_SIMBOTENC.ZTBD-R and TROJ_ARTIEF.ZTBD-R, should be removed at the same time.
If not removed, BKDR_SIMBOT.SMC is capable of many of the same attacks as other backdoor Trojans, and may allow criminals to modify your computer drastically, collect data or install other applications with specialized attack functions.