Motsob

By Domesticus in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 12
First Seen: April 22, 2013
Last Seen: September 26, 2022
OS(es) Affected: Windows

The Motsob Trojan is part of a Java-based malware attack that redirects computer users to an attack website in order to install dangerous Trojans on the victim's computer. Motsob has been associated with social engineering attacks involving the explosion of a fertilizer plant in Waco, Texas. Victims are enticed to click on a link leading to a news video, with sensationalist subject lines referencing this unfortunate news event. However, clicking on the link actually leads to a Motsob attack, which infects the victim's computer with a variety of Trojans and worms that pose a severe threat to the victim's computer and privacy. There have been Motsob attacks in association with other breaking news stories, the most recent of which is the bombing of the Boston Marathon.

The social engineering aspect of the Motsob attack is probably the most important part of its infection process. Motsob is distributed in spam email messages whose subject lines reference the explosion of a fertilizer plant in Waco, Texas. The body of each malicious email is simply an embedded link composed of an IP address followed by '/news.html' or '/video.html'. Clicking on the link leads to a website containing several embedded YouTube videos. It is important to note that these videos are a distraction from the real attack. The same website contains a small iFrame that loads content from a dangerous attack website in the background. While the victim is viewing the embedded news videos, the iFrame is launching an attack meant to install Motsob on the victim's computer. ESG security researchers have observed these kinds of attacks associated with most major breaking stories in the last couple of years, ranging from the launch of a new gadget (such as the iPhone 5) to world-changing news stories such as the Libyan rebellion or the election of a new pope.
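
Two gateway-side checks that follow from the lure pattern described above (bare-IP links ending in news.html or video.html, and a hidden iFrame placed beside visible video embeds), as an added Python example that is not part of the original article; the sample page, the 192.0.2.x addresses, the landing-page path and the 10-pixel threshold are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

def is_lure_link(url: str) -> bool:
    """Flag links matching the described lure: a bare IP host plus news.html or video.html."""
    p = urlparse(url)
    try:
        ipaddress.ip_address(p.hostname or "")
    except ValueError:
        return False  # named host: not the pattern described here
    return p.path.lower().endswith(("/news.html", "/video.html"))

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> in a document."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append({k.lower(): (v or "") for k, v in attrs})

def _px(value: str) -> int:
    """Pixel size from a width/height attribute; non-numeric values (e.g. '100%') count as visible."""
    digits = value.strip().lower().replace("px", "")
    return int(digits) if digits.isdigit() else 10**6

def find_hidden_iframes(html: str, page_host: str, max_px: int = 10) -> list:
    """Return src URLs of iframes that are tiny or hidden and load from another host."""
    c = IframeCollector()
    c.feed(html)
    hits = []
    for f in c.frames:
        src = f.get("src", "")
        host = urlparse(src).hostname or page_host  # relative src stays on-site
        style = f.get("style", "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or _px(f.get("width", "")) <= max_px
                  or _px(f.get("height", "")) <= max_px)
        if hidden and host != page_host:
            hits.append(src)
    return hits

# Constructed sample page: a visible video embed beside a hidden 1x1 iframe to an IP host.
SAMPLE_PAGE = """<html><body>
<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe width="1" height="1" style="display:none" src="http://192.0.2.10/landing.html"></iframe>
</body></html>"""
```

Running `find_hidden_iframes(SAMPLE_PAGE, "192.0.2.20")` returns only the off-site 1x1 frame, while the full-size video embed passes.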

The malicious iFrame associated with the Motsob attack loads content from a website using the RedKit Exploit Kit. This exploit kit attempts to exploit vulnerabilities in the victim's computer to install malware. The main vulnerabilities exploited by the RedKit exploit pack are in Java and Adobe Reader, meaning that it will try to load malicious JAR and PDF files onto the victim's computer.
