
Moudour

Posted: October 31, 2014

Moudour is a RAT – or Remote Access Trojan – that gives third parties extensive access to an infected PC, including functions for stealing information. Because it is built from a Trojan-construction kit, Moudour may be found in diverse circumstances with minor variations in traits such as its file names. No matter where or how you find Moudour, malware experts categorize this Trojan as a high-level threat, and removing Moudour with dependable anti-malware software is urgently recommended.

The Trojan Ghost in Your Machine

Moudour, more often known by its alias Gh0st, is a RAT that both gives third parties control over an infected PC and gathers sensitive information from it. Moudour's data-recording capabilities extend to taking screen captures, keylogging and capturing webcam input, but Moudour also may be used to issue system commands, enumerate files or download other threats. Symptoms of these functions rarely are visible, although malware experts do note that, as a byproduct of the toolkit, Moudour's behavior may differ from one sample to the next.

Significant Moudour campaigns may begin through e-mail, where the original installer is a disguised Microsoft Office file that exploits vulnerabilities in the application opening it. Unprotected PCs that open these files allow Moudour, and possibly other threats such as Backdoor.ADDNEW, to be installed automatically. Although Moudour may be equally effective against the public at large, its headline-grabbing fame largely is due to its use against non-profit organizations, governmental agencies opposed to the Chinese government and various large corporations. As long ago as 2009, over one thousand separate machines were estimated to harbor Moudour infections. In 2014, Moudour remains a more than credible threat to any PC because of the extensive attack features built into Moudour by default.
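The entry vector described above is a document that is not what its name claims. The following added example (not code from the original page or from any vendor) is a small attachment pre-screen: it parses a raw e-mail, pulls every attachment, and compares the claimed Office extension against the container the bytes actually are, flagging an executable renamed to .doc and a .docx that carries a VBA project. The sample message, its attachments and the set of recognised formats are all constructed here and are assumptions of the example, not artifacts from a real Moudour campaign.

```python
"""Attachment pre-screen for disguised Office documents (added example).

Parses a raw RFC 822 message, pulls every attachment, and checks whether the
bytes match the extension the sender chose. The sample message is constructed
below; it is not a real lure.
"""
import email
import email.policy
import io
import os
import zipfile
from dataclasses import dataclass
from email.message import EmailMessage

# Leading bytes of the container formats we distinguish (assumed set; anything else is "unknown").
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt (CFB container)
    (b"PK\x03\x04", "zip"),                          # OOXML .docx/.xlsx/.pptx are ZIP files
    (b"{\\rtf", "rtf"),
    (b"MZ", "pe"),                                   # Windows executable
]

# What each Office extension may legitimately contain. RTF named .doc is tolerated because
# Word opens it; a .docx must be a ZIP container.
EXPECTED = {
    ".doc": {"ole2", "rtf"}, ".xls": {"ole2"}, ".ppt": {"ole2"},
    ".docx": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"}, ".rtf": {"rtf"},
}

# OOXML members that hold VBA; a plain .docx/.xlsx/.pptx should never include them.
MACRO_MEMBERS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


@dataclass
class Finding:
    filename: str
    actual: str
    suspicious: bool
    reason: str


def sniff(data: bytes) -> str:
    """Return the container type implied by the leading bytes."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> Finding:
    """Flag an attachment whose content does not match its claimed Office extension."""
    ext = os.path.splitext(filename.lower())[1]
    actual = sniff(data)
    if ext not in EXPECTED:
        # Not an Office name at all; only raw executables are flagged here.
        return Finding(filename, actual, actual == "pe", "not an Office extension")
    if actual not in EXPECTED[ext]:
        return Finding(filename, actual, True, f"{ext} claimed but content is {actual}")
    if actual == "zip":
        try:
            names = set(zipfile.ZipFile(io.BytesIO(data)).namelist())
        except zipfile.BadZipFile:
            return Finding(filename, actual, True, "corrupt OOXML container")
        if names & MACRO_MEMBERS:
            return Finding(filename, actual, True, "macro project inside a non-macro extension")
    return Finding(filename, actual, False, "extension matches content")


def scan_eml(raw: bytes) -> list:
    """Parse a raw message and check every attachment in it."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        findings.append(check_attachment(name, payload))
    return findings


def build_sample_eml() -> bytes:
    """Construct a test message with three attachments (constructed sample data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # 1) A genuine legacy .doc header (CFB magic followed by padding).
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
                       maintype="application", subtype="msword", filename="agenda.doc")
    # 2) An executable renamed to look like a Word file.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 28,
                       maintype="application", subtype="msword", filename="report.doc")
    # 3) A .docx whose ZIP carries a VBA project.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="invoice.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in scan_eml(build_sample_eml()):
        print(f"{'SUSPICIOUS' if f.suspicious else 'ok':10} {f.filename:14} {f.actual:8} {f.reason}")
```

A check like this sits in front of the mail client, not in place of a scanner: it catches the mismatch between name and content that a disguised installer depends on, but a well-formed exploit document will pass it and still needs signature or sandbox inspection.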

An Exorcism for a PC with Moudour Problems

One organization known for using Moudour is Axiom, a group that has hacked websites and abused stolen e-mail addresses in campaigns targeting carefully selected victims in areas such as United States national defense and the Tibetan government. Although Axiom rotates through many types of backdoor-capable Trojans, Moudour is one of the most potent pieces of malware in its toolkit, rating equally with the PoisonIvy RAT as an immediate and all-encompassing security risk. Moudour's associated network, the so-called GhostNet, has been tied to attacks against widely separated regions of the globe, ranging from India to New York.

E-mail security steps, such as scanning any file attachment not already confirmed safe, may detect the usual entrance methods exploited by a Moudour campaign's actors – including Axiom. Doing so is ideal, since an already-installed Moudour may show few or no symptoms of its attacks, even while allowing third parties to peruse data and modify your system files at their leisure. Although Moudour is nowhere near a new threat, its persistence shows that organizations like Axiom make the fight against threats as much about updating security tools to detect new variants as it is about detecting brand-new threats.
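Because an installed Moudour shows few symptoms on the host, network traffic is where defenders usually see it, and the point about variants applies there too. The following added example (not code from the original page) is a structural detector for the Gh0st command channel. It assumes the classic Gh0st framing, which is widely documented: a 5-byte tag ("Gh0st" in the original build), a little-endian 32-bit total frame length, a little-endian 32-bit uncompressed length, then a zlib stream. Because reported variants commonly keep this framing and change only the tag, the detector scores the structure as well as the string. The sample frames, the variant tag "Var01" and the helper that builds them are constructed test fixtures, not captured traffic.

```python
"""Structural detector for Gh0st-style C2 framing (added example).

Frame layout assumed here (classic Gh0st): tag[5] | total_len u32 LE | orig_len u32 LE | zlib data.
"""
import struct
import zlib

HEADER = struct.Struct("<5sII")   # tag, total frame length, uncompressed payload length
KNOWN_TAGS = {b"Gh0st"}           # extend as telemetry identifies variant tags


def classify_frame(data: bytes, known_tags=KNOWN_TAGS) -> dict:
    """Inspect one frame: is the tag known, and do the length fields and zlib stream agree?"""
    verdict = {"tag": None, "known_tag": False, "structure_ok": False}
    if len(data) < HEADER.size:
        return verdict
    tag, total_len, orig_len = HEADER.unpack_from(data)
    verdict["tag"] = tag
    verdict["known_tag"] = tag in known_tags
    if total_len != len(data):
        return verdict
    try:
        body = zlib.decompress(data[HEADER.size:])
    except zlib.error:
        return verdict
    verdict["structure_ok"] = len(body) == orig_len
    return verdict


def label(data: bytes) -> str:
    """Turn a verdict into an alert class a SOC can act on."""
    v = classify_frame(data)
    printable_tag = v["tag"] is not None and all(32 <= b < 127 for b in v["tag"])
    if v["known_tag"] and v["structure_ok"]:
        return "gh0st"                 # known tag and consistent framing
    if v["known_tag"]:
        return "gh0st-tag-only"        # string hit without framing; lower confidence
    if v["structure_ok"] and printable_tag:
        return "gh0st-like-variant"    # framing matches, tag unknown; investigate
    return "benign"


def split_frames(stream: bytes):
    """Split a reassembled TCP stream into frames using the length field.

    Returns (frames, remainder); the remainder is any trailing bytes that do not
    form a complete frame, as an IDS preprocessor would hand back for the next segment.
    """
    frames, pos = [], 0
    while pos + HEADER.size <= len(stream):
        _, total_len, _ = HEADER.unpack_from(stream, pos)
        if total_len < HEADER.size or pos + total_len > len(stream):
            break
        frames.append(stream[pos:pos + total_len])
        pos += total_len
    return frames, stream[pos:]


def make_sample_frame(tag: bytes, payload: bytes) -> bytes:
    """Build a frame in the assumed layout as a test fixture (constructed data)."""
    comp = zlib.compress(payload)
    return HEADER.pack(tag, HEADER.size + len(comp), len(payload)) + comp


# Constructed samples: a classic frame, a same-framing variant, a bare string hit, and HTTP.
SAMPLES = {
    "classic": make_sample_frame(b"Gh0st", b"constructed heartbeat payload"),
    "variant": make_sample_frame(b"Var01", b"x" * 200),
    "tag_only": b"Gh0st" + b"\x00" * 8,
    "http": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:9} -> {label(frame)}")
    frames, rest = split_frames(SAMPLES["classic"] + SAMPLES["variant"] + b"\x00\x00")
    print(f"{len(frames)} frames split from stream, {len(rest)} trailing bytes")
```

The "gh0st-like-variant" class is a lead rather than a conviction: any 13-byte header with self-consistent lengths and a valid zlib body will match, so it belongs in a hunting query or a low-severity alert that an analyst confirms, while "gh0st" can block. Keeping the structural check separate from the tag list is what lets the rule survive a variant that changes only the string.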
