Trojan Upclicker

Posted: December 14, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	66

First Seen:	December 14, 2012
Last Seen:	June 16, 2022
OS(es) Affected:	Windows

Trojan Upclicker is a backdoor Trojan that establishes unauthorized contact with a remote server for the purpose of compromising your PC in various ways – such as stealing information, installing other malware or letting criminals control your operating system's major functions. With respect to its ability to evade automated anti-malware analyses, Trojan Upclicker is an exceptionally advanced Trojan, due to the inclusion of both memory process injection (a feature often used by rootkit components and banking trojans like Trojan Zeus) and a mouse-hooking function that guarantees that Trojan Upclicker will not run in most automated analysis environments. SpywareRemove.com malware researchers recommend that you use competent and updated anti-malware programs to find or remove Trojan Upclicker, which will not show any symptoms as Trojan Upclicker attacks your computer.

Why Trojan Upclicker is Watching When You Click... and When You Let Go

Trojan Upclicker was recently analyzed as a relatively new Trojan that makes use of mouse-hooking functions to avoid its detection in the sandbox environments that are commonly used by various PC security and anti-malware companies. As an upside to this defensive mechanism, Trojan Upclicker will remain inactive on any computer that doesn't use its mouse (a common trait of automated malware analysis environments). However, PCs that do use mouse input are vulnerable to Trojan Upclicker's attacks after an infection.

SpywareRemove.com malware research team has noted that Trojan Upclicker is only activated after the primary left click is released, which alerts Trojan Upclicker to inject its malicious code into Windows Explorer. Like many Trojans, Trojan Upclicker is specific to Windows and doesn't pose a threat to non-Windows OSes at this time. The injected code creates a hidden browser process that is used to contact a remote server. Meaningfully, Trojan Upclicker closes itself after Trojan Upclicker makes contact, which helps to prevent Trojan Upclicker from being detected afterward.

What a Little Extra Mouse-Clicking Activity Could Mean for Your PC

The unauthorized contact that Trojan Upclicker makes with remote servers can be exploited for other attacks. Your PC may be subjected to forced installations of rogue security programs, browser hijackers, banking trojans or other common types of malware. System settings also may be altered without your permission, and most ominously, such backdoor exploits even can be directly used to control your computer's ability to open, delete or modify files.

SpywareRemove.com malware researchers also have noted that the domain that Trojan Upclicker contacts, jumpingcrab.com, has a history of involvement with spam-related attacks that may be conducted by Trojans like Trojan Upclicker, itself. These attacks are not likely to show symptoms and, as noted previously, specifically try to avoid detection. As such, you should remove Trojan Upclicker with anti-malware products that are updated and capable of extensive analysis of your entire PC.

Trojan Upclicker

Threat Metric

Why Trojan Upclicker is Watching When You Click... and When You Let Go

What a Little Extra Mouse-Clicking Activity Could Mean for Your PC

Leave a Reply