MSUpdater Trojan

By JubileeX in Trojans

The MSUpdater Trojan, usually contained in the file MSUpdater.exe, is a common component of multi-component malware attacks, including various worms, browser hijackers and rootkit attacks. Various versions of the MSUpdater Trojan attack computers running the Windows operating systems released prior to Windows Vista; this is not to say that Windows Vista and Windows 7 are immune to the MSUpdater Trojan, but infections are much less common on these operating systems. The MSUpdater Trojan will usually enter the victim's computer system as a Browser Helper Object (BHO) for Internet Explorer, often through an attack website designed specifically to exploit weaknesses in the victim's security, through a social engineering attack, or by being installed by other malware. While the MSUpdater Trojan can be removed manually, this is a long process that can be quite tedious and that requires moderately advanced knowledge of computer security. Since the MSUpdater Trojan will usually be part of a large-scale malware attack with multiple components, ESG security researchers recommend automatic removal with the help of a reliable anti-malware application instead.

The MSUpdater Trojan was Linked to a Large-scale Spam Email Attack

In January and February of 2012, the MSUpdater Trojan was linked to a large-scale malware attack which, in conjunction with a Remote Access Tool, was sent to victims through a fake email invitation for a conference. These attacks were targeted at computer users affiliated with various branches of government. The attack took advantage of a zero-day security vulnerability in Adobe Reader, which allows criminals to inject malicious files through a seemingly innocuous PDF file. Since PDF files have traditionally not been considered dangerous, this attack had the potential to infect even experienced computer users, especially if the social engineering aspect of the attack successfully reached a victim who could have some kind of connection to the conferences advertised in the fake email. The role of the MSUpdater Trojan in these attacks is to spy on the victim and upload specific files to a remote server, as well as to gather information on the infected computer and send it to the same remote server. Unlike typical malware attacks, this MSUpdater Trojan attack seems to be aimed at high-level management or government positions in order to steal sensitive information that may prove valuable to competing industries or nations. Because of this, it is essential to avoid opening files attached to unsolicited emails, even if the file extension (PDF in this case) appears to be trustworthy.
