
Mirage

Posted: September 24, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 48
First Seen: September 24, 2012
OS(es) Affected: Windows

Mirage is a backdoor Trojan currently used for industrial espionage in the energy, oil and military sectors. Like other attacks that target industrial and business PCs, Mirage appears to be the work of a competent group of hackers with steady funding and a brisk development cycle, and SpywareRemove.com malware researchers note that Mirage may go undetected by insufficiently advanced or outdated anti-malware programs. Fortunately, Mirage's propagation uses an easily identified entry point: e-mail spam that presents Mirage's installer as a PDF attachment. Because this is a very common means of distributing many types of malware, you should always scan such file attachments before opening them to protect your computer from both Mirage and many similar types of malicious software.

Mirage – Far from a Mere Illusion of Danger to Your Computer

Mirage's origins have yet to be determined with clarity, although some have considered it noteworthy that some of the proxy applications used by Mirage are of Chinese origin. As a backdoor Trojan built for attacks against specific industries, à la Stuxnet or Flame, Mirage can be considered a negligible danger to those who use PCs for personal entertainment purposes – at least, for the moment. However, Mirage's attacks have targeted many businesses in countries throughout the world, including Canada, northeast Africa, Taiwan and the Philippines. SpywareRemove.com malware researchers have found that preferential targets for Mirage appear to be associated with rights for oceanic resource development, such as oil and gas.

Mirage's attacks begin with unassuming e-mail messages that ask you to download an included file attachment. Although this file looks like a PDF, it is actually an EXE with an inaccurate file name. Once launched, the file displays a real PDF to cover up its installation of Mirage. SpywareRemove.com malware researchers recommend displaying all file extensions to distinguish real PDFs from fake ones, and additionally encourage you to scan suspicious file attachments before opening them as a matter of habitual PC safety.
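The check below is an added example, not code from SpywareRemove.com or any vendor: it compares what an attachment's name claims against its leading bytes, which is how a mail gateway or analyst can catch an EXE presented as a PDF. It goes slightly beyond the case described above by also flagging double extensions and `.pdf` files with no PDF header. The function names, extension list, file names and sample bytes are all constructed for illustration.

```python
# Added example: flag attachments that claim to be PDFs but are Windows executables.
PE_MAGIC = b"MZ"        # first two bytes of a DOS/PE executable
PDF_MAGIC = b"%PDF-"    # PDF header; some readers accept it within the first 1024 bytes
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumed list, extend as needed


def check_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    findings = []
    name = filename.strip().lower()
    stem, dot, last = name.rpartition(".")
    ext = dot + last if dot else ""          # real (final) extension, e.g. ".exe"
    is_pe = data[:2] == PE_MAGIC
    has_pdf_header = PDF_MAGIC in data[:1024]

    # "report.pdf.exe": looks like a PDF when the shell hides known extensions.
    if ext in EXEC_EXTS and ".pdf" in stem:
        findings.append("double-extension")
    # Name mentions .pdf anywhere, but the content is an executable.
    if ".pdf" in name and is_pe:
        findings.append("pe-content-pdf-name")
    # Final extension is .pdf, but the content is not a PDF at all.
    if ext == ".pdf" and not has_pdf_header:
        findings.append("pdf-extension-no-pdf-header")
    return findings


# Constructed sample attachments (file names and bytes are made up for this example).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n1 0 obj\n"),
    ("report.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("minutes.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),   # honest executable: not disguised
]


def triage(samples):
    """Map each file name to its findings, keeping only flagged attachments."""
    results = {name: check_attachment(name, data) for name, data in samples}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, found in triage(SAMPLES).items():
        print(f"{name}: {', '.join(found)}")
```

A name/content mismatch is a reason to quarantine and scan the file, not a verdict on its own; a clean result here does not replace the anti-malware scan recommended above.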

When PC Security Gets Exploited Against You by Mirage

Mirage uses some unusually advanced methods to protect itself, including the use of the SSL protocol (a security feature often used to protect passwords and other confidential data transmissions) to make its attempts to contact a Command & Control server look like simple Google searches. Current estimates by Dell SecureWorks put the number of infected PCs at potentially over one hundred, and SpywareRemove.com malware researchers also emphasize that Mirage's attack campaign and development appear to be ongoing. Investigations into Mirage's attacks have revealed a number of associated Hotmail and Yahoo accounts, although confirmation of the identity of Mirage's hacker (or hackers) is still forthcoming.

Unfortunately, current research by SpywareRemove.com malware analysts and others hasn't yet revealed the specific information that Mirage is apparently being used to steal. However, as with any Trojan of its type, a Mirage infection should be treated as a sign that valuable and personal information has been compromised until it can be verified otherwise, and Mirage infections should always be removed with appropriate anti-malware software.
