
Gen:Variant.Graftor.15447

Posted: March 13, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 47
First Seen: March 13, 2012
Last Seen: April 28, 2023
OS(es) Affected: Windows

Gen:Variant.Graftor.15447 is a backdoor Trojan used to gain access to (and control over) your PC by way of an external server. Although Gen:Variant.Graftor.15447 is distributed through spam e-mail attachments, its e-mail messages have avoided mass distribution and other propagation methods that would draw the attention of most PC security companies. In addition, Gen:Variant.Graftor.15447's installation method, which involves a Flash exploit and several forms of obfuscation, is unusually advanced and may let Gen:Variant.Graftor.15447 avoid detection until it is already installed. SpywareRemove.com malware analysts rate Gen:Variant.Graftor.15447, like all backdoor Trojans, as a high-level threat, but also note that you should be prepared to use thorough system analysis and disinfection methods to remove it, since many PC security brands have yet to identify Gen:Variant.Graftor.15447 and the danger it represents.

Gen:Variant.Graftor.15447 – a Chinese Trojan That Capitalizes on Unrest in the Middle East

Gen:Variant.Graftor.15447 was first noted in mid-March of 2012, although many PC security companies have yet to identify it. Although Gen:Variant.Graftor.15447 may also be distributed by other means, SpywareRemove.com malware experts have found that its most common distribution method is e-mail messages carrying a fake 'Iran's Oil and Nuclear Situation.doc' file attachment. Instead of being a Word document, this file is a mislabeled Flash applet that uses an exploit (which Adobe has identified as CVE-2012-0754) to stream a fake mp4 file hosted on a remote server. In turn, this fake mp4 file forces your PC to download and install the executable file embedded in the fake document. This executable turns out to be Gen:Variant.Graftor.15447, which uses a canny installation method that can evade many security utilities. As if that weren't hard enough to deal with, Gen:Variant.Graftor.15447 is also noted to use several types of code obfuscation to avoid detection by your anti-malware scanners after the fact.
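The attachment trick described above, a Flash file carrying a .doc name, is something a mail gateway can check for by comparing what the file name claims with what the bytes actually are. The following is an added example written for this page, not code from SpywareRemove.com or from the malware; it flags a '.doc' attachment that is really an SWF, and also an OLE document with an SWF header buried inside it. The version-range and length sanity bounds are assumptions chosen to cut noise, not documented thresholds, and the sample files are constructed, not real malware.

```python
import re
import struct

# Known file signatures: OLE2 compound document (legacy .doc) and SWF headers.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA

def find_swf_headers(data: bytes) -> list:
    """Offsets of plausible SWF headers: signature, version byte, u32 length.
    Version <= 50 and length >= 8 are assumed sanity bounds to cut noise."""
    hits = []
    for m in re.finditer(rb"[FCZ]WS", data):
        pos = m.start()
        if pos + 8 > len(data):
            continue
        version = data[pos + 3]
        (length,) = struct.unpack_from("<I", data, pos + 4)
        if 1 <= version <= 50 and length >= 8:
            hits.append(pos)
    return hits

def classify_attachment(filename: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes are."""
    claims_doc = filename.lower().endswith(".doc")
    is_ole = data.startswith(OLE_MAGIC)
    swf_offsets = find_swf_headers(data)
    if claims_doc and data[:3] in SWF_SIGS:
        verdict = "mislabeled-flash"          # the case in this advisory
    elif is_ole and swf_offsets:
        verdict = "doc-with-embedded-flash"
    elif claims_doc and not is_ole:
        verdict = "extension-mismatch"
    else:
        verdict = "clean"
    return {"name": filename, "verdict": verdict, "swf_offsets": swf_offsets}

# Constructed samples (not real malware): a bare SWF named as a .doc, an OLE
# file with an SWF header buried inside, and a plain OLE file.
FAKE_DOC = b"CWS\x0b" + struct.pack("<I", 4096) + b"x" * 32
EMBEDDED = OLE_MAGIC + b"\x00" * 500 + b"FWS\x0a" + struct.pack("<I", 2000) + b"\x00" * 100
PLAIN_DOC = OLE_MAGIC + b"\x00" * 200

if __name__ == "__main__":
    for name, blob in [("Iran's Oil and Nuclear Situation.doc", FAKE_DOC),
                       ("report.doc", EMBEDDED), ("memo.doc", PLAIN_DOC)]:
        print(classify_attachment(name, blob))
```

A real gateway would also hand any hit to a sandbox or scanner; this check only catches the name-versus-content mismatch.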

However, the Flash exploit used to install Gen:Variant.Graftor.15447 has been patched by Adobe as of February 15th, 2012. SpywareRemove.com malware researchers recommend keeping Flash updated, if you must keep Flash enabled on your PC, to ensure that the vulnerabilities Gen:Variant.Graftor.15447 could exploit are closed. Additionally, Gen:Variant.Graftor.15447's e-mail message does require that you download and open the fake .doc file of your own free will, which makes preventing a Gen:Variant.Graftor.15447 infection much easier than removing Gen:Variant.Graftor.15447 would be.

What Could Happen If You Don't Catch Gen:Variant.Graftor.15447 in Time

Like other backdoor Trojans, Gen:Variant.Graftor.15447 allows criminals to control your PC from a remote location. Although Gen:Variant.Graftor.15447 hasn't been observed to have a distinctive payload, the potential consequences of a Gen:Variant.Graftor.15447 infection can include:

  • Disabled security software, such as Task Manager, anti-virus scanners or your firewall. Gen:Variant.Graftor.15447 may block these programs outright or simply change their settings to neutralize them as security tools.
  • Loss of private information, such as bank data or account passwords, due to clandestine spyware attacks. These attacks may extend to recording your keyboard input, recording your webcam input or stealing information that's saved in relevant files (such as your web browser's cache).
  • The installation of other PC threats, such as browser hijackers, worms, viruses or fake security products.

Since Gen:Variant.Graftor.15447 is notably difficult to detect, SpywareRemove.com malware experts recommend that you choose the most advanced anti-malware program you can find and delete Gen:Variant.Graftor.15447 and any related PC threats.
