TROJ_DIDKR.A
Posted: July 1, 2013
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Ranking: | 19,450 |
|---|---|
| Threat Level: | 9/10 |
| Infected PCs: | 26 |
| First Seen: | July 1, 2013 |
| Last Seen: | January 10, 2025 |
| OS(es) Affected: | Windows |
TROJ_DIDKR.A is a general label for various malicious components used for DDoS attacks, with the latest attacks targeting websites of the South Korean government. Closely related to the backdoor Trojan and file wiper Trojan.Korhigh, TROJ_DIDKR.A uses your PC's resources to enact sophisticated attacks for crashing websites without leaving much evidence of the assault. Because the majority of TROJ_DIDKR.A's components are installed only after a pre-configured timer has designated the time for the attack (with the last confirmed incident on the 25th of June 2013), TROJ_DIDKR.A can be difficult to detect until its attacks actually take place. SpywareRemove.com malware researchers encourage protecting your computer from all of the traditional infection vectors associated with such government saboteurs, and also recommend monitoring any automatic update systems for compromises that could be used to infect the updating computers. Of course, you should use sophisticated anti-malware software for finding and deleting TROJ_DIDKR.A.
When Updating Your PC Can Come Back to Bite You in the Hard Drive
The SpywareRemove.com malware research team is always quick to point out that non-updated PCs are especially vulnerable to attacks from exploit kits and other sources, but TROJ_DIDKR.A's attack campaign has used a unique infection strategy that places most PC users in an ironic 'catch-22' update choice. Automatic updater programs like Songsari_update.exe and SimDisk are compromised and forced to update with malicious files like TROJ_DIDKR.A, while still appearing to perform normal updates. Because these updaters run automatically, they provide an exceptionally easy means for criminals to infect targeted computers, as they already have done in recent attacks against South Korean systems.
A related PC threat, Trojan.Korhigh, has a payload that consists primarily of attacks against the infected PC (such as changing the desktop and deleting files), but SpywareRemove.com malware experts note that TROJ_DIDKR.A's primary functions are involved in attacking external websites. These Distributed-Denial-of-Service functions have used DNS packet-flooding techniques to crash two central DNS servers, thus bringing down multiple sites dependent on those servers simultaneously. Only websites that already had a cached record for the targeted name servers remained unaffected.
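The caching effect described above, as an added example that is not part of the original article: a toy resolver whose names, addresses, TTLs and outage times are all constructed. It goes one step beyond the text by also showing serve-stale (RFC 8767), which lets a resolver keep answering from expired records while the name servers are unreachable.

```python
# Added example: toy recursive resolver. All names, TTLs and times are constructed.
from dataclasses import dataclass, field


@dataclass
class Authoritative:
    """Stands in for the flooded name servers; zone data is constructed."""
    zone: dict      # name -> (address, ttl_seconds)
    outage: tuple   # (start, end) in seconds while the flood makes it unreachable

    def query(self, name, now):
        start, end = self.outage
        if start <= now < end:
            raise TimeoutError("authoritative server unreachable")
        return self.zone[name]


@dataclass
class Resolver:
    upstream: Authoritative
    serve_stale: bool = False                   # RFC 8767 behaviour, off by default
    cache: dict = field(default_factory=dict)   # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"              # TTL still valid: no upstream query
        try:
            addr, ttl = self.upstream.query(name, now)
        except TimeoutError:
            if hit and self.serve_stale:
                return hit[0], "stale"          # expired record, served anyway
            return None, "servfail"
        self.cache[name] = (addr, now + ttl)
        return addr, "fresh"


def simulate(serve_stale):
    zone = {"portal.example": ("192.0.2.10", 3600),
            "news.example": ("192.0.2.20", 3600)}
    resolver = Resolver(Authoritative(zone, outage=(1000, 9000)), serve_stale)
    answers = [
        resolver.resolve("portal.example", 500),    # looked up before the flood
        resolver.resolve("portal.example", 2000),   # during flood, cached until t=4100
        resolver.resolve("news.example", 2000),     # never cached before the flood
        resolver.resolve("portal.example", 5000),   # during flood, TTL has expired
    ]
    return [status for _, status in answers]
```

With `serve_stale=False` the cached name survives only until its TTL runs out, so a flood that outlasts the TTL eventually takes down the cached sites as well.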
Observing the Ticks of TROJ_DIDKR.A's Timed Website Bomb
Previous infections involving TROJ_DIDKR.A Trojans have exploited a timer function that delays the installation of the majority of TROJ_DIDKR.A's components until the time of attack has arrived. This has allowed criminals (believed to be the hacker group DarkSeoul, also involved in a past disk-wiping attack with Trojan.Jokra) to achieve a maximum effect with a minimum of symptoms that could be used to identify the infections prior to the DDoS assault's launch date.
Despite the advanced techniques used in both the installation and implementation of TROJ_DIDKR.A's attacks, SpywareRemove.com malware researchers still can recommend good anti-malware products for blocking TROJ_DIDKR.A, removing TROJ_DIDKR.A and, hopefully, preventing TROJ_DIDKR.A from carrying out any future attacks. Suitable security software also should be able to block website URLs related to TROJ_DIDKR.A, although the exact methods of the original compromises that resulted in infected auto-updaters have not been identified.