Posted: October 29, 2014
Threat Metric
Threat Level: 8/10
Infected PCs 19

Sednit Description

Sednit (also IDed as Sofacy) is a group of backdoor Trojans that include spyware-related features for stealing confidential information from an infected PC. Sednit sees new development and distribution campaigns on an ongoing basis, with many of the latest exploiting hacked websites maintained by various European governments. Web-browsing security features and products are critical to blocking these kinds of attacks, and malware experts urge any individual with a potentially compromised machine to run anti-malware scans to remove Sednit immediately.

The Trojan Pawns Worth Worrying About

For the past seven years, Sednit has undergone updates to both its code and to its distribution tactics, with the bulk of the latter focused on compromising specific targets, rather than the general public. This sequence of threatening campaigns, which some institutions are referring to as 'Operation Pawn Storm,' uses both websites and e-mail messages to distribute Sednit to additional PCs. In the case of the latter, such as with the BKDR_SEDNIT.SM variant, the seeded e-mail messages were disguised as news documents for the Asia-Pacific Economic Cooperation.

Malware experts also can verify that multiple, legitimate sites have been compromised and forced to redirect to a Sednit dropper. The last known Sednit website campaign hacked Polish domains, although websites of other nationalities also are targets. Although such a distribution method easily could be employed against the public at large, Sednit's admins appear to focus on specific individuals in relevant institutions. Vulnerable organizations include military branches, the news media, defense contractors and various organizations opposing the Russian government.

After infiltrating the targets of its choosing, Sednit may be capable of the following attacks, amongst others:

  • Keylogging attacks may record any typed information, thereafter transferring it to a remote C&C server.
  • Sednit may install additional threats automatically.
  • A backdoor connection allows Sednit's administrators to issue commands to your PC for other attacks, such as disabling important security features.

Beating Sednit's Layers of Redundancy

Although lazier criminals often opt for a single distribution method, Sednit's administrators have histories of using multiple, redundant distribution methods for single attacks. In the event of a single exploit, or a Trojan failing to install Sednit, others may pick up the slack, providing Sednit with maximum coverage for any intended targets. In addition, since Sednit aims its attacks at specific PCs, its campaigns can go unnoticed for significant periods of time by website administrators or other, inadvertent parties to Sednit's distribution.

Malware researchers find no reason to recommend any defenses against Sednit other than possessing good browser security protocols, up-to-date software and general anti-malware protection. Removing Sednit and, for that matter, any similar backdoor Trojan, always should be done with appropriate anti-malware products whenever they're accessible. Further actions may need to be taken to re-secure any confidential information leaked by Sednit in the meantime.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Sednit may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%COMMONPROGRAMFILES(x86)%\system\splm.dll\splm.dll File name: splm.dll
Size: 265.21 KB (265216 bytes)
MD5: ee64d3273f9b4d80020c24edcbbf961e
Detection count: 40
File type: Dynamic link library
Mime Type: unknown/dll
Path: %COMMONPROGRAMFILES(x86)%\system\splm.dll\
Group: Malware file
Last Updated: June 26, 2020
file.exe File name: file.exe
Size: 147.96 KB (147968 bytes)
MD5: df895e6479abf85c4c65d7d3a2451ddb
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 3, 2014
C:\ProgramData\sdbn.dll File name: sdbn.dll
Size: 301.05 KB (301056 bytes)
MD5: 374896a75493a406eb427f35eec86fe5
Detection count: 32
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\ProgramData\
Group: Malware file
Last Updated: June 25, 2018
file.dll File name: file.dll
Size: 108.54 KB (108544 bytes)
MD5: 4b04b04c9d60bd2d75773298633f26e8
Detection count: 28
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: April 17, 2017

More files

Registry Modifications

The following newly produced Registry Values are:

Regexp file mask%LOCALAPPDATA%\CtlOptimization.exe%LOCALAPPDATA%\NetIds.dll

Related Posts

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.