ELMER Trojan

Posted: April 12, 2019

The ELMER Trojan is a backdoor Trojan that lets attackers perform file-management activities such as downloading or launching executables, usually for placing other threats onto your computer. Its campaigns tend towards e-mail-based infection vectors with messages crafted for the victims. Although it has no long-term persistence, users should have anti-malware products verify the removal of an ELMER Trojan, along with any other threats that it may have installed.

E-Mailing the Backdoor into Your Computer

Phishing e-mails tend to be the inevitable infection vector that compromises even the most critical government or business networks. Why they are so reliable is something that readers can examine in hundreds of examples, including the China-originating attacks of the ELMER Trojan. By combining software exploits with careful social engineering, the threat actors craft a delivery method for a Trojan with backdoor capabilities. The possible attacks that such a payload can lead to after that are nearly infinite.

A standard format for an ELMER Trojan's delivery e-mail is a message, fluent in the target's native language, that copies an article or notification from a previous, legitimate source, such as the contents of a well-known Japanese national-defense-themed site. Besides displaying a real document to distract the user, the attachment also drops the ELMER Trojan or a similar threat. The attack uses either a zero-day or an unpatched vulnerability reachable through document formats like PDF or Word, such as the CVE-2015-1701 privilege escalation vulnerability.

The ELMER Trojan is, predominantly, another form of delivery vehicle, since it lacks any long-term persistence on an infected system. It carries its C&C communications as HTTP over port 443 (the port normally used for TLS-encrypted HTTPS), and the threat actors use that channel for dropping more enduring Trojans and spyware with deeper backdoor and information-collecting features. The immediate capabilities that malware experts attribute to ELMER Trojans include transferring files in both directions, executing them, and listing folders and running processes for the threat actors.
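Because port 443 is expected to carry TLS, cleartext HTTP on that port is a useful detection hook for a defender. The following is an added example, not code from the original article or from any ELMER analysis: it inspects the first client bytes of constructed sample flows (the record layout and all addresses are assumed) and flags connections to port 443 whose payload is a plain HTTP request line rather than a TLS handshake record.

```python
import re

# Constructed sample flow records (not real ELMER traffic): each entry holds the
# destination port and the first bytes the client sent after the TCP handshake.
SAMPLE_FLOWS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443,
     "payload": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"},         # TLS ClientHello
    {"id": 2, "src": "10.0.0.7", "dst": "203.0.113.20", "dport": 443,
     "payload": b"POST /upload.php HTTP/1.1\r\nHost: 203.0.113.20\r\n"},  # cleartext HTTP on 443
    {"id": 3, "src": "10.0.0.7", "dst": "203.0.113.30", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"},   # ordinary HTTP on 80
    {"id": 4, "src": "10.0.0.9", "dst": "203.0.113.40", "dport": 443,
     "payload": b"\x00\x01\x02garbage"},                                  # neither protocol
]

# An HTTP/1.x request line: method, request-target, version, CRLF.
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify_payload(data: bytes) -> str:
    """Label the first client bytes of a flow as 'tls', 'http' or 'other'."""
    # A TLS record begins with content type 0x16 (handshake), then the
    # protocol major version 0x03 and a minor version of 0x00..0x04.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if HTTP_REQUEST_LINE.match(data):
        return "http"
    return "other"


def find_plain_http_on_443(flows):
    """Return the flows that speak cleartext HTTP to port 443, where TLS is expected."""
    hits = []
    for flow in flows:
        if flow["dport"] == 443 and classify_payload(flow["payload"]) == "http":
            hits.append(flow)
    return hits


if __name__ == "__main__":
    for flow in find_plain_http_on_443(SAMPLE_FLOWS):
        print(f"flow {flow['id']}: {flow['src']} -> {flow['dst']}:443 sends cleartext HTTP")
```

On the sample set only flow 2 is reported; legitimate HTTPS (flow 1) and ordinary HTTP on port 80 (flow 3) pass.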

Closing that E-mail before Trojans Close in On You

Spam e-mail can use links to copycat domains with addresses similar to, but not the same as, those of legitimate sites. The extremely regular exploitation of attachments, especially ones in document formats, makes further precautions whenever interacting with such downloads a necessity for any user, and especially for workers inside private networks. Installing updates for Microsoft Office software and related programs will keep the exploitable vulnerabilities to a minimum, although zero-day attacks for delivering ELMER Trojan infections remain possible.

While the ELMER Trojan isn't designed to linger on a system permanently, users shouldn't assume that it will uninstall itself as intended. Appropriate responses to backdoor-capable threats like the ELMER Trojan include disabling network connections, both to prevent additional infections and to disrupt the Command & Control contact, and analyzing the infected system with appropriate security programs immediately. Typical anti-malware products of most brands include appropriate detection measures for deleting the ELMER Trojan and the other Trojans that it may place on your PC according to an attacker's instructions.

While designing a successful phishing message takes time, it can result in rewards that threat actors can keep enjoying, as long as their presence remains under the radar. Thanks to 'temporary' backdoor Trojans like the ELMER Trojan, that's not difficult for them to do.
