Icoscript
Posted: October 31, 2014
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 215 |
| First Seen: | October 31, 2014 |
| Last Seen: | December 8, 2022 |
| OS(es) Affected: | Windows |
Icoscript is a backdoor Trojan that may use free email services as a communication method between itself and its admin. Traditionally, Icoscript is used in limited numbers of attacks targeting specific institutions, but Icoscript has the same security-defeating capabilities as most RATs, and may allow third parties to control your computer or collect sensitive information. With the surfacing of new evidence of Icoscript attacks, protecting your PC from Icoscript, or possessing anti-malware products that can delete Icoscript, may be more important than ever before.
The Trojan That Drafts Its Communications – But Never 'Sends' Them
Icoscript is a small family of Trojans with limited distribution, although their uses in backdoor attacks may give third parties the ability to cause significant harm to infected PCs. Previous versions of Icoscript, found as far back as 2012, have used Yahoo's email services to gather instructions on coordinating their attacks, as well as to upload collected information for outsiders to use. New variants of Icoscript Trojans, as verified by malware analysts, have switched to Google's Gmail services, and use drafted, unsent messages for the same purposes.
Because most backdoor Trojans may use alternative methods of transmitting and receiving data, such as IRC protocols, some security products may fail to identify Icoscript appropriately. Icoscript's attacks are also disguised by the use of encryption and a concealed Internet Explorer window, which hides the visible symptoms of its activities.
Victims of Icoscript's attacks may temporarily block Gmail to prevent its communications. However, Icoscript may continue to launch attacks it has already been instructed to carry out. Despite its limited distribution, Icoscript may have significant potential for disrupting security features, blocking software or gathering crucial information (such as passwords for online accounts).
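An added detection example (not from the original page or from SpyHunter): it correlates process and web-proxy telemetry to flag an Internet Explorer process with no visible window that repeatedly contacts the webmail services named above. The JSON-lines schema, field names, hostnames, parent process names and the request threshold are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Webmail services the page names as Icoscript's channel (Yahoo, later Gmail).
WEBMAIL_HOSTS = {"mail.google.com", "mail.yahoo.com"}
BROWSER_IMAGES = {"iexplore.exe"}

# Constructed telemetry in a hypothetical JSON-lines schema (not a real EDR format).
SAMPLE_EVENTS = """
{"type":"process","host":"WS-014","pid":4120,"image":"iexplore.exe","window_visible":false,"parent":"sample_parent.exe"}
{"type":"http","host":"WS-014","pid":4120,"dest":"mail.google.com"}
{"type":"http","host":"WS-014","pid":4120,"dest":"mail.google.com"}
{"type":"http","host":"WS-014","pid":4120,"dest":"mail.google.com"}
{"type":"http","host":"WS-014","pid":4120,"dest":"mail.google.com"}
{"type":"process","host":"WS-022","pid":880,"image":"iexplore.exe","window_visible":true,"parent":"explorer.exe"}
{"type":"http","host":"WS-022","pid":880,"dest":"mail.google.com"}
{"type":"http","host":"WS-022","pid":880,"dest":"mail.google.com"}
{"type":"http","host":"WS-022","pid":880,"dest":"mail.google.com"}
{"type":"process","host":"WS-031","pid":1500,"image":"iexplore.exe","window_visible":false,"parent":"explorer.exe"}
{"type":"http","host":"WS-031","pid":1500,"dest":"intranet.example"}
{"type":"process","host":"WS-040","pid":700,"image":"iexplore.exe","window_visible":false,"parent":"explorer.exe"}
{"type":"http","host":"WS-040","pid":700,"dest":"mail.yahoo.com"}
""".strip().splitlines()


def find_hidden_webmail_sessions(lines, min_requests=3):
    """Flag browser processes with no visible window that repeatedly reach webmail."""
    procs, hits = {}, defaultdict(int)
    for line in lines:
        ev = json.loads(line)
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process":
            procs[key] = ev
        elif ev["type"] == "http" and ev["dest"].lower() in WEBMAIL_HOSTS:
            hits[key] += 1
    findings = []
    for key, count in hits.items():
        proc = procs.get(key)
        if proc is None:  # network event with no matching process record
            continue
        hidden_browser = (proc["image"].lower() in BROWSER_IMAGES
                          and not proc["window_visible"])
        if hidden_browser and count >= min_requests:
            findings.append({"host": key[0], "pid": key[1],
                             "parent": proc["parent"], "webmail_requests": count})
    return findings


if __name__ == "__main__":
    for finding in find_hidden_webmail_sessions(SAMPLE_EVENTS):
        print(finding)
```

A visible browser session to the same webmail host (WS-022) is not flagged, which is why the window state and the destination are checked together.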
Keeping a Draft from Running Off with Your PC's Intel
Although Icoscript is unlikely to be in mass distribution to the general public, PCs in often-targeted organizations, such as the energy sector, are likely to be compromised. The consequence of such a campaign tends to be the theft of information of a profitable or highly sensitive nature. Additionally, the continued production of Icoscript's new versions, including its Gmail-favoring variants, emphasizes that PC users should also update their anti-malware products. Failing to take this precaution may prevent your anti-malware tools from detecting Icoscript, particularly considering its use of an entirely legitimate e-mail service for its communications.
Icoscript does not show any symptoms of its primary communications, nor are other attacks Icoscript is instructed to conduct necessarily visible to users of infected machines. PCs infrequently scanned by anti-malware solutions are vulnerable to Icoscript and other backdoor Trojans, which conduct infiltrations and interceptions of data that may be non-obvious in nature. However, the Icoscript family also lacks the advanced defenses of high-level threats, such as rootkits, and removing Icoscript should be well within the functionality of a good anti-malware product.