
TROJ_ARTIEF.ZTBD-R

Posted: May 13, 2014

Threat Metric

Threat Level: 9/10
Infected PCs: 28
First Seen: May 13, 2014
Last Seen: September 9, 2019
OS(es) Affected: Windows


TROJ_ARTIEF.ZTBD-R is a Word document that serves as a Trojan dropper: a Trojan that acts as a delivery mechanism for other threats more advanced than itself. TROJ_ARTIEF.ZTBD-R's current campaign, which has targeted specific state institutions within Taiwan, has been confirmed to distribute backdoor Trojans, but the dropper also can be used for other purposes. Whenever e-mail security protocols fail to detect and delete TROJ_ARTIEF.ZTBD-R, our malware experts recommend scanning your PC with anti-malware tools, which should be able to remove its payload without delay.

Why the Words in a Document aren't Your Top Concern

Although attacks by other techniques often are more subtle than a document exploit, Microsoft Office-based attacks often are favored by criminals who are interested in compromising the security of specific, high-value targets, such as a corporation or government agency. TROJ_ARTIEF.ZTBD-R is an RTF file distributed to members of the Taiwanese government, disguised as an e-mail communication related to a national poll. Malware experts also have confirmed this Trojan dropper's use in campaigns attacking at least one educational institution in the same region, though these attacks are expected to be just one of several offshoots of the ongoing 'Taidoor' malware project.

State employees who opened TROJ_ARTIEF.ZTBD-R allowed their machines to be compromised by multiple PC threats, eventually leading to the installation of a backdoor Trojan currently identified as BKDR_SIMBOT.SMC. Other payloads from TROJ_ARTIEF.ZTBD-R attacks have included threats with spyware-related functions, which allow third parties to collect information. However, even a basic backdoor Trojan will allow the infected PC to be modified in ways that may place the safety of the system at risk.

The risks of a successful TROJ_ARTIEF.ZTBD-R attack may include:

  • The distribution of threats throughout local networks or shared peripheral devices.
  • The recording and subsequent collection of any typed information (known as a keylogging attack), along with screen captures and other spyware-based activities.
  • The possible modification or even deletion of files on the infected PC.
  • The automatic installation of other software, including potential threats, with the backdoor Trojan acting as an accessory.

Patching Your Way out of TROJ_ARTIEF.ZTBD-R Problems

Because TROJ_ARTIEF.ZTBD-R uses an outdated exploit to attack your PC, patching Microsoft Word will block TROJ_ARTIEF.ZTBD-R, although this is not a foolproof form of protection against all similar attacks. Because documents are so commonly exploited for delivering PC threats like TROJ_ARTIEF.ZTBD-R, malware researchers also recommend scanning documents from e-mail sources that are potentially unsafe. Members of targeted or likely-to-be-targeted Taiwanese institutions also will want to be especially watchful for the social engineering tactics that accompany typical assaults from the Taidoor campaign, which often use message references specific to that country.

Unfortunately, backdoor Trojans related to TROJ_ARTIEF.ZTBD-R attacks are both flexible in their capabilities and difficult to identify on sight. Because they emphasize avoiding detection while compromising the overall security of a PC, deleting TROJ_ARTIEF.ZTBD-R payloads should be left to appropriate anti-malware tools.
