
Trojan.Taidoor

Posted: September 21, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 32
First Seen: September 28, 2011
OS(es) Affected: Windows

Trojan.Taidoor is a backdoor Trojan that has seen many variants through the years, with its attacks beginning in 2008 and still very much alive in 2012. Although past targets for Trojan.Taidoor attacks included various governments and business sectors, the most recent Trojan.Taidoor-based attacks appear to have shifted their focus to 'think tank' organizations. Infection methods for Trojan.Taidoor attacks have included both socially engineered e-mail messages and web page-based Java exploits. Like any backdoor Trojan, Trojan.Taidoor grants criminals access to your PC and can be used to transmit personal information or install other types of hostile programs without any symptoms or, of course, your consent. As a potential high-level threat, Trojan.Taidoor should be deleted with any anti-malware program that you can trust to do the job right, particularly since Trojan.Taidoor has been known to use multiple means of concealing its components.

Trojan.Taidoor: a Saboteur That Doesn't Care How It Gets to You

So far, Trojan.Taidoor's targets have included NGO research organizations, businesses in media/finance/manufacturing and even a few governments. Past Trojan.Taidoor attacks preferred to use spam e-mail messages, often with text that encouraged victims (via hoaxes such as news reports about Taiwanese weather disasters) to open a file attachment that installed Trojan.Taidoor. However, SpywareRemove.com malware experts have caught the latest infection points for Trojan.Taidoor using a new strategy: malicious Java code that's hosted on compromised and hostile sites. This code can be detected by the label Trojan.Maljava!gen24, and includes an unpatched (or zero-day) exploit for Java that installs Trojan.Taidoor.

Disabling Java can protect your computer from this last means of Trojan.Taidoor infection. However, it has been reported that the overall Trojan.Taidoor campaign uses many types of vulnerabilities to install its payload, including PDF and Microsoft Word-based exploits. Given the wide range of flexibility seen in Trojan.Taidoor attacks, SpywareRemove.com malware researchers can't recommend any single safeguard as a surefire defense against Trojan.Taidoor infections, although most anti-malware products should be able to detect and block both Trojan.Taidoor-related drive-by-downloads and Trojan droppers that install Trojan.Taidoor.

Where Trojan.Taidoor's Door Leads Your Computer

Trojan.Taidoor, which often uses file names that make it appear to be a Java update, alters the Registry so that it launches automatically. By inserting its code into an unrelated process (either svchost.exe or services.exe, in most cases), Trojan.Taidoor avoids having a process of its own that could be seen in Task Manager. Afterward, Trojan.Taidoor makes contact with a remote C&C server, which has been established to allow criminals to compromise your PC during their apparently regular 'working hours.' Some other Trojan.Taidoor attacks that SpywareRemove.com malware researchers believe are worth noting include:

  • Trojan.Taidoor may download other malicious programs and install them on your computer – including programs with spyware features or the ability to alter your browser's web content.
  • Trojan.Taidoor may be complicit in attacks that steal private information (passwords, account user names, etc.) and, in fact, has been confirmed to automatically collect basic system information for future attacks as one of its initial functions.

Complete removal of Trojan.Taidoor should use appropriate anti-malware software if at all possible. The SpywareRemove.com malware research team also encourages you to attempt to disable Trojan.Taidoor before you scan your PC, since Trojan.Taidoor has been known to make attempts to detect specific brands of anti-malware products. Either a USB system boot or a reboot into Safe Mode can, hopefully, prevent Trojan.Taidoor from starting and provide you with a safe environment for deleting Trojan.Taidoor entirely.
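Because the injected code has no process of its own to spot in Task Manager, the Registry autostart entry described above is the easier artifact to audit. The PowerShell script below is an added example, not part of SpywareRemove.com's analysis; the list of Run keys and the Java-like name pattern are assumptions, since the page names no specific keys or file names.

```powershell
# Added example: list autostart Registry values that look like a Java update
# and report whether the file they launch carries a valid Authenticode signature.
# ASSUMPTIONS: the key list and the name pattern below are not from the page.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$javaLike     = 'java|jusched|jucheck'    # assumed heuristic, case-insensitive
$providerMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-ExePath([string]$Command) {
    # Extract the executable path from an autorun command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }          # quoted path
    if ($c -match '^\s*(.+?\.(exe|dll|scr|com|bat|cmd))(\s|$)') {  # unquoted path
        return $Matches[1]
    }
    return ($c.Trim() -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $providerMeta) { continue }   # skip provider metadata
        $cmd = [string]$p.Value
        if ("$($p.Name) $cmd" -notmatch $javaLike) { continue }
        $exe = Get-ExePath $cmd
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
            [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key        = $key
            Value      = $p.Name
            Path       = $exe
            Signature  = $sig
            Suspicious = ($sig -ne 'Valid')   # unsigned, tampered or missing
        }
    }
}
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

An entry marked Suspicious is a lead for further scanning, not proof of infection, and a clean result does not rule out persistence through locations this script does not read.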
