BKDR_TENGO.A
Posted: May 13, 2013
Threat Metric
The fields shown on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 1,686 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 126,436 |
| First Seen: | May 13, 2013 |
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
BKDR_TENGO.A is a new variant of Winnti, a backdoor trojan designed and distributed by a criminal organization of the same name. Like other versions of Winnti, BKDR_TENGO.A appears to be used primarily in targeted attacks that steal document-based information from various game-based companies. What sets BKDR_TENGO.A apart from previous versions of Winnti is its construction, which was enabled through AheadLib – a legitimate (but, obviously, exploitable) DLL analysis utility. BKDR_TENGO.A is not encrypted, and most anti-malware programs should be able to detect and remove BKDR_TENGO.A easily, but SpywareRemove.com malware researchers continue to rate BKDR_TENGO.A, like all forms of Winnti, as a high-level threat that's capable of stealing confidential information from your computer.
BKDR_TENGO.A: When a Windows File Isn't What It Seems to Be
In keeping with Winnti's past stratagems for concealing itself, BKDR_TENGO.A's file is disguised as a fake Windows system file, Winmm.dll, which normally is found on your computer as an enabler of some audio and joystick-based functions. The fake Winmm.dll known as BKDR_TENGO.A, however, actually is a backdoor trojan that specializes in stealing information from your computer.
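The disguise described above relies on the file name alone, so a file inventory can be triaged for copies of winmm.dll that sit outside the directories where Windows keeps the genuine file. The following is an added example, not code from SpywareRemove.com or any product named on this page; the sample inventory is constructed, and the trusted-directory list assumes Windows is installed at C:\Windows.

```python
import ntpath

TARGET_NAME = "winmm.dll"

# Assumption of this example: Windows is installed at C:\Windows.
# The genuine file sits directly in these two folders...
EXACT_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# ...and in component-store subfolders below this one.
PREFIX_DIRS = (r"c:\windows\winsxs",)


def is_unexpected_copy(path):
    """True when the path names winmm.dll outside the expected locations."""
    # normpath collapses ".." segments so a path cannot borrow a trusted
    # prefix; Windows file names are compared case-insensitively.
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    if name != TARGET_NAME:
        return False
    if folder in EXACT_DIRS:
        return False
    # Require a path separator after the prefix so that a sibling folder
    # such as "winsxs2" is not treated as trusted.
    return not any(folder.startswith(d + "\\") for d in PREFIX_DIRS)


def review_list(paths):
    """Return the inventory entries that need a closer look."""
    return [p for p in paths if is_unexpected_copy(p)]


# Constructed sample inventory (not taken from a real system).
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\winmm.dll",
    r"C:\Windows\SysWOW64\WINMM.DLL",
    r"C:\Windows\WinSxS\amd64_constructed-example\winmm.dll",
    r"C:\Program Files\ExampleApp\winmm.dll",
    r"C:\Windows\System32\..\Temp\Winmm.dll",
    r"C:\Program Files\ExampleApp\winmm.dll.bak",
    r"C:\Windows\System32x\winmm.dll",
]

if __name__ == "__main__":
    for hit in review_list(SAMPLE_INVENTORY):
        print("review:", hit)
```

A hit is a prompt for further checks, such as signature and hash verification of the flagged file, not a verdict.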
Past Winnti attacks have been focused on various gaming companies with the intention of compromising any readily-accessible document data. BKDR_TENGO.A doesn't appear to diverge from this pattern in any meaningful way: SpywareRemove.com malware researchers can confirm that BKDR_TENGO.A targets information that's held in PDF, TIFF and Microsoft Office files. In particular, BKDR_TENGO.A will try to target files that are stored on any removable flash drives (USB devices). While this information theft is the main focus of BKDR_TENGO.A and other forms of Winnti, it's also important to realize that BKDR_TENGO.A does include other functions, such as some basic backdoor attacks that can, in theory, allow an attacker to take over your PC. Previous Winnti attacks also have attempted to compromise PCs that are accessible via local networks.
Exploiting the Laziness of Criminals for Your PC's Safety
The Winnti gang has a reputation for preferring to target easily-compromised PCs, and usually doesn't make extreme efforts to protect their malware with sophisticated techniques. SpywareRemove.com malware experts have found that BKDR_TENGO.A continues this pattern by being completely unencrypted – an unusual trait for a backdoor trojan that can allow a good anti-malware program to detect BKDR_TENGO.A more easily than would be the case with more advanced PC threats, such as the average rootkit.
At the same time, BKDR_TENGO.A also is evidence that the Winnti campaign still is being developed and upgraded. SpywareRemove.com malware researchers recommend all the standard anti-malware and online security protocols be enacted as defenses against BKDR_TENGO.A attacks. This should be particularly considered for employees of both major and minor game development companies, which are the favored victims of BKDR_TENGO.A and past versions of Winnti.