Gen:Variant.Graftor.15447
Posted: March 13, 2012
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 47 |
| First Seen: | March 13, 2012 |
| Last Seen: | April 28, 2023 |
| OS(es) Affected: | Windows |
Gen:Variant.Graftor.15447 is a backdoor Trojan that's used to gain access to (and command over) your PC by way of an external server. Although it is distributed through spam e-mail file attachments, its e-mail messages have avoided mass distribution and other methods of propagation that would raise the attention of most PC security companies. In addition, its installation method, a technique that involves a Flash exploit and various forms of obfuscation, is unusually advanced and may allow the Trojan to avoid detection until it is already installed. SpywareRemove.com malware analysts rate Gen:Variant.Graftor.15447, like all backdoor Trojans, as a high-level threat, but also note that you should be prepared to use strenuous system analysis and disinfection methods to remove it, since many PC security brands have yet to identify Gen:Variant.Graftor.15447 and the danger that it represents.
Gen:Variant.Graftor.15447 – a Chinese Trojan That Capitalizes on Unrest in the Middle East
Gen:Variant.Graftor.15447 was first noted in mid-March of 2012, although many PC security companies have yet to identify Gen:Variant.Graftor.15447. Although Gen:Variant.Graftor.15447 may also be distributed by other means, SpywareRemove.com malware experts have found that Gen:Variant.Graftor.15447's most common distribution method is that of e-mail messages that include a fake 'Iran's Oil and Nuclear Situation.doc' file attachment. Instead of being a Word document, this file is a mislabeled Flash applet that uses an exploit (which Adobe has identified as CVE-2012-0754) to stream a fake mp4 file that's hosted on a remote server. In turn, this fake music file forces your PC to download and install the executable file that's embedded in the fake document. This executable turns out to be Gen:Variant.Graftor.15447, using a canny method of installation that can avoid many security utilities. As if all that wasn't hard enough to deal with, Gen:Variant.Graftor.15447 is also noted to use several types of code obfuscation to avoid detection by your anti-malware scanners after the fact.
However, the Flash exploit that's used to install Gen:Variant.Graftor.15447 has been patched by Adobe as of February 15th 2012. SpywareRemove.com malware researchers recommend keeping Flash updated, if you must keep Flash enabled on your PC, to ensure that vulnerabilities that Gen:Variant.Graftor.15447 could exploit are closed. Additionally, the Trojan's e-mail message does require that you download and open the fake .doc file of your own free will, which makes prevention of a Gen:Variant.Graftor.15447 infection much easier than removal would be.
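The mislabeled attachment described above can be caught before it is opened by comparing a file's extension with its leading bytes and by looking for Flash headers inside a document. The following is an added example, not code from SpywareRemove.com or SpyHunter; the function names, the plausibility bounds and the sample byte strings are assumptions constructed for illustration.

```python
import os
import re
import struct

# Leading-byte signatures. SWF starts with FWS (raw), CWS (zlib) or ZWS (LZMA);
# a legacy Word .doc is an OLE2 compound file.
SIGNATURES = {
    "ole2": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    "swf": (b"FWS", b"CWS", b"ZWS"),
    "pe": (b"MZ",),
    "zip": (b"PK\x03\x04",),
}
EXPECTED = {".doc": {"ole2"}, ".docx": {"zip"}, ".swf": {"swf"}, ".exe": {"pe"}}
SWF_MAGIC = re.compile(rb"[FCZ]WS")

def sniff(data):
    """Return the content type implied by the first bytes, or 'unknown'."""
    for kind, magics in SIGNATURES.items():
        if data.startswith(magics):
            return kind
    return "unknown"

def embedded_swf_offsets(data):
    """Offsets past byte 0 that look like an SWF header (magic, version, length)."""
    hits = []
    for m in SWF_MAGIC.finditer(data, 1):
        off = m.start()
        if off + 8 > len(data):
            continue
        version, length = struct.unpack_from("<BI", data, off + 3)
        if 1 <= version <= 50 and length >= 8:  # assumed heuristic bounds
            hits.append(off)
    return hits

def assess(filename, data):
    """List reasons an attachment's content disagrees with its name."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    findings = []
    if ext in EXPECTED and kind not in EXPECTED[ext]:
        findings.append(f"extension {ext} but content is {kind}")
    if kind != "swf":
        findings += [f"embedded SWF header at offset {o}" for o in embedded_swf_offsets(data)]
    return findings

# Constructed sample inputs (header bytes and padding only, no real payload).
SWF_HEADER = b"CWS" + bytes([10]) + struct.pack("<I", 4096)
MISLABELED = SWF_HEADER + b"\x00" * 32
CARRIER = SIGNATURES["ole2"][0] + b"\x00" * 504 + SWF_HEADER + b"\x00" * 16
CLEAN = SIGNATURES["ole2"][0] + b"\x00" * 504
```

A non-empty result from `assess` is a reason to quarantine the attachment for analysis; the embedded-header scan is a heuristic and can produce false positives on arbitrary binary data.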
What Could Happen If You Don't Catch Gen:Variant.Graftor.15447 in Time
Like other backdoor Trojans, Gen:Variant.Graftor.15447 allows criminals to control your PC from a remote location. Although Gen:Variant.Graftor.15447 hasn't been observed to have a distinctive payload, potential consequences of a Gen:Variant.Graftor.15447 infection can include:
- Disabled security software, such as Task Manager, anti-virus scanners or your firewall. Gen:Variant.Graftor.15447 may block these programs or simply change their settings to neuter their potency as security tools.
- Loss of private information, such as bank data or account passwords, due to clandestine spyware attacks. These attacks may extend to recording your keyboard input, recording your webcam input or stealing information that's saved in relevant files (such as your web browser's cache).
- The installation of other PC threats, such as browser hijackers, worms, viruses or fake security products.
Since Gen:Variant.Graftor.15447 is notably difficult to detect, SpywareRemove.com malware experts recommend that you choose the most advanced anti-malware program you can find and delete Gen:Variant.Graftor.15447 and any related PC threats.