
Trojan-Dropper.Win32.Datcaen.d

Posted: April 4, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 44
First Seen: April 4, 2013
Last Seen: June 16, 2022
OS(es) Affected: Windows

Even old PC threats still can be hazardous to modern PCs, and Trojan-Dropper.Win32.Datcaen.d is one of the latest examples of this truism at work: after being installed through e-mail, Trojan-Dropper.Win32.Datcaen.d installs Enfal, a backdoor Trojan that commonly is used to steal confidential information. Trojan-Dropper.Win32.Datcaen.d's attacks, like those of previous Enfal-based campaigns, appear to be targeted at specific government institutions and business industries, and casual PC users can consider themselves unlikely targets for Trojan-Dropper.Win32.Datcaen.d's e-mail attacks. However, probable victims should be particularly careful about opening unfamiliar text documents, and SpywareRemove.com malware experts always recommend using suitable anti-malware applications to remove Trojan-Dropper.Win32.Datcaen.d, Enfal and any other PC threats that could be related to these attacks.

Why Your Computer's Health Requires You to Be Attentive to Men's Health Issues

E-mail messages that are targeted to specific victims in key industries and government departments – as opposed to generalized spamming attacks – are Trojan-Dropper.Win32.Datcaen.d's main mode of transportation. E-mails carrying Trojan-Dropper.Win32.Datcaen.d have been known to use various disguises, some of which SpywareRemove.com malware analysts have confirmed in the list below:

  • E-mails for Trojan-Dropper.Win32.Datcaen.d may be disguised as general 'Men's Health' articles.
  • E-mails for Trojan-Dropper.Win32.Datcaen.d often include text in Cyrillic (a predominant alphabet script in Russia and neighboring countries).
  • In some cases, e-mails for Trojan-Dropper.Win32.Datcaen.d can be themed after military topics of local importance such as prospective 'stealth frigates' commissioned by China.

The text document that's attached to these e-mail messages does include information that's related to the above topics, but also uses the MSCOMCTL.OCX RCE vulnerability to launch Trojan-Dropper.Win32.Datcaen.d, which is disguised as a Word update EXE. Trojan-Dropper.Win32.Datcaen.d then installs Enfal and enables it to launch whenever Windows starts. SpywareRemove.com malware experts emphasize that this series of attacks produces no visible symptoms for the user to notice.

Trojan-Dropper.Win32.Datcaen.d and the Elderly Payload that Still Has a Bite to It

Trojan-Dropper.Win32.Datcaen.d's payload, Enfal, is a backdoor Trojan that SpywareRemove.com malware researchers and others in the industry have traced back to at least 2004. While many Trojans with nearly a decade under their belt wouldn't be especially dangerous to today's PCs, Enfal's attack campaign is well-organized, and its development appears to be continuing (as of Trojan-Dropper.Win32.Datcaen.d's recorded attacks) up to the current year.

If you fall into one of the broad categories of probable victims of Trojan-Dropper.Win32.Datcaen.d and Enfal attacks, SpywareRemove.com malware researchers encourage you to be especially wary about opening unusual e-mail attachments. Always scan your attachments with a suitable anti-malware product prior to opening them, and use similar anti-malware programs to remove Trojan-Dropper.Win32.Datcaen.d along with Enfal if you do have any cause to think your PC might have fallen to this attack. Lastly, any information on a PC successfully attacked by Trojan-Dropper.Win32.Datcaen.d should be considered potentially compromised, and appropriate security measures should be enacted to prevent abuse of such data.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • File name: wordupgrade.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • File name: usrsvpla.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file
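
Because the infection shows no visible symptoms, the two file names above are most useful as input to log triage. The sketch below is an added example, not code from SpywareRemove.com: it checks endpoint events for those names and raises the severity when the file is started by Word or written by the dropper itself. The event schema, the sample paths and the use of winword.exe as the suspicious parent are assumptions made for illustration.

```python
import ntpath

# File names listed on this page under "File System Modifications".
PAGE_FILENAMES = {"wordupgrade.exe", "usrsvpla.dll"}
# Assumption (not from the page): the exploited document is opened in Word.
OFFICE_PARENTS = {"winword.exe"}

def basename(path):
    """Lower-cased Windows basename; ntpath behaves the same on any host OS."""
    return ntpath.basename(path or "").lower()

def triage(events):
    """Return (severity, event) pairs for events that reference the listed files."""
    findings = []
    for ev in events:
        name = basename(ev.get("path"))
        parent = basename(ev.get("parent"))
        if name not in PAGE_FILENAMES and parent not in PAGE_FILENAMES:
            continue
        # A bare name match is weak evidence: names are easily reused or changed.
        # Word starting the file, or a listed file acting as parent, is stronger.
        chained = (name in PAGE_FILENAMES and parent in OFFICE_PARENTS) \
            or parent in PAGE_FILENAMES
        findings.append(("high" if chained else "review", ev))
    return findings

# Constructed sample events (hypothetical schema and paths, not observed data).
SAMPLE_EVENTS = [
    {"type": "process_create", "path": r"C:\sample\temp\WordUpgrade.exe",
     "parent": r"C:\sample\office\WINWORD.EXE"},
    {"type": "file_create", "path": r"C:\sample\sys\usrsvpla.dll",
     "parent": r"C:\sample\temp\wordupgrade.exe"},
    {"type": "process_create", "path": r"C:\sample\sys\notepad.exe",
     "parent": r"C:\sample\explorer.exe"},
    {"type": "file_create", "path": r"D:\sample\wordupgrade.exe.txt",
     "parent": r"C:\sample\explorer.exe"},
]

if __name__ == "__main__":
    for severity, ev in triage(SAMPLE_EVENTS):
        print(severity, ev["type"], ev["path"])
```

A "review" result means only the name matched; confirm it with an anti-malware scan before treating the host as compromised.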