W32/Trojan2.NTLB

Posted: October 26, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 67
First Seen: October 26, 2012
OS(es) Affected: Windows

W32/Trojan2.NTLB is a spyware-based Trojan that's distributed through e-mail spam as a PDF file attachment. Rather than stealing the banking account credentials that are popular targets for spyware like Trojan Zeus and Gozi, W32/Trojan2.NTLB targets FTP account information, which criminals can exploit to compromise websites and distribute PC threats. SpywareRemove.com malware researchers consider the sheer volume of its e-mail distribution to be W32/Trojan2.NTLB's most notable attribute, since W32/Trojan2.NTLB-related e-mail messages have surged to staggeringly high levels. Due to the sophisticated nature of the defenses that W32/Trojan2.NTLB uses to conceal itself, W32/Trojan2.NTLB should be detected and deleted with a powerful anti-spyware program.

W32/Trojan2.NTLB and the Fax that You Definitely Need to Shred

Even though e-mail spam is a very common way of distributing many types of malware, W32/Trojan2.NTLB has gone above and beyond the norm: on one recently recorded day, W32/Trojan2.NTLB attacks as much as quadrupled the total output of malware-distributing e-mail messages throughout the world. SpywareRemove.com malware analysts have seen these e-mail messages distribute W32/Trojan2.NTLB installers in two similar but distinct formats:

  • As a malicious PDF file attachment. Although the PDF will display normally, it also takes actions that install W32/Trojan2.NTLB without your consent and without visible symptoms.
  • As a fake PDF file (in reality, a misnamed EXE) that's enclosed in an attached ZIP archive.

In either case, anti-malware programs can detect or delete these file attachments as variants of W32/Trojan2.NTLB. As usual, you should treat file attachments with extreme caution, since this infection vector remains one of the most well-trodden paths for malware distribution.
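The second format above (an EXE misnamed as a PDF inside a ZIP) can be checked for by comparing each archive member's name with its file header. The following Python sketch is an added example, not SpywareRemove.com's tooling or a W32/Trojan2.NTLB signature; the function names and sample file names are assumptions, and the sample archive is constructed from harmless bytes.

```python
import io
import zipfile

PE_MAGIC = b"MZ"        # header of Windows EXE/DLL files
PDF_MAGIC = b"%PDF-"    # header of genuine PDF files

def classify_member(name, head, encrypted=False):
    """Return a finding for one archive member, or None if nothing stands out."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if encrypted:
        return "encrypted member, content cannot be inspected"
    if head.startswith(PE_MAGIC) and "pdf" in base:
        return "Windows executable content under a PDF-looking name"
    if base.endswith(".pdf") and PDF_MAGIC not in head:
        return "PDF extension but no PDF header"
    return None

def scan_zip_attachment(data):
    """Return [(member_name, finding)] for suspicious members of a ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP file")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & 0x1)
            head = b""
            if not encrypted:
                with archive.open(info) as member:
                    head = member.read(1024)  # only the header is needed
            finding = classify_member(info.filename, head, encrypted)
            if finding:
                findings.append((info.filename, finding))
    return findings

def build_sample_zip():
    """Constructed sample: harmless bytes that only imitate file headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Fax_Message.pdf.exe", b"MZ\x90\x00 constructed, not a program")
        z.writestr("invoice.pdf", b"MZ constructed bytes")
        z.writestr("real.pdf", b"%PDF-1.4\n% constructed stub")
        z.writestr("notes.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for name, finding in scan_zip_attachment(build_sample_zip()):
        print(f"{name}: {finding}")
```

This header check only covers the misnamed-EXE format; a malicious PDF that displays normally has a valid PDF header and still needs an anti-malware scan.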

Similarly, the templates for e-mail messages that distribute W32/Trojan2.NTLB can differ, although, so far, all known W32/Trojan2.NTLB-related spam uses office fax themes. In one case, you may receive a fake notification from eFax. In the other, you'll be notified about an incoming fax from a local Xerox machine. SpywareRemove.com malware analysts note that these excuses, while unlikely to fool casual PC users, are perfect for infiltrating the computers of businesses with lax Internet security.

What's Compromised When W32/Trojan2.NTLB's Fake Fax Works Its Magic

W32/Trojan2.NTLB is dedicated to stealing credentials and login information associated with FTP utilities. Even though SpywareRemove.com malware experts haven't found symptoms that are linked to W32/Trojan2.NTLB's attacks, a successful W32/Trojan2.NTLB infection can be responsible for hijacking your FTP account and any associated websites. These attacks are often used to make minor modifications to websites that force them to host exploits. Said exploits then redirect visitors to other malicious code that downloads and installs malware – often without symptoms displaying and almost always without the victim's consent.

After removing W32/Trojan2.NTLB with appropriate anti-malware tools, SpywareRemove.com malware researchers suggest that you look over any potentially compromised FTP accounts for malicious code and other unwanted changes. Even minor additions can result in redirects to harmful content and damage your website along with your business's reputation.