Swifti
Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Ranking: 4,608
Threat Level: 90 % (High)
Infected Computers: 61,215
First Seen: February 12, 2015
Last Seen: September 19, 2023
OS(es) Affected: Windows
Swifti is a Trojan infection that has been linked to a recently uncovered vulnerability in Adobe Flash Player. The main purpose of Swifti is to distribute adware and to expand a botnet that would include the infected computer. Although Swifti is fairly generic, the Flash Player vulnerability associated with Swifti has garnered quite a bit of attention due to its potential for exploitation.
The Flash Vulnerability Linked to Swifti
An exploit kit known as the Angler Exploit Kit has been using a zero-day flaw in Flash Player to distribute the Swifti Trojan. Angler is the successor of the infamous Black Hole Exploit Kit, which met its demise in 2014. Malware analysts were alarmed when they uncovered an Angler variant that exploits three flaws in Flash Player, of which only two had been patched by Adobe. The unpatched flaw leaves computers vulnerable to these attacks whenever they are exposed to threatening content.
Why Flash has been Targeted in these Types of Attacks
Flash and other third-party platforms (such as Java) are common targets for attacks and exploit kits. There are several reasons for this. A crucial one is that Flash runs in all popular Web browsers and is also available on different operating systems. This means that threats distributed through Flash vulnerabilities (such as Swifti) may reach a wider swath of victims than threats that exploit a specific Web browser or operating system. The fact that Swifti is being distributed using a zero-day exploit has made these infections particularly alarming. Swifti itself is not especially threatening or harmful. In fact, Swifti has been around in some variant or another since 2009, with its last update occurring in 2015. However, the distribution method and the exploits used to deliver Swifti via exploit kits have caught the attention of PC security researchers and raised the profile of the Swifti Trojan.
Characteristics of Swifti and Security Issues Associated with this Trojan’s Distribution
The exploit that is being used to distribute Swifti may affect only specific operating systems and Web browsers. The exploit associated with Swifti may be used to install this Trojan on computers using Windows XP combined with Internet Explorer 6 or 8, Windows 7 with Internet Explorer 8, Windows 8 with Internet Explorer 10, and the Windows8-RT-KB3008925-x86 update. In the specific variant of Angler that has been analyzed, Windows 8.1 and Google Chrome are not affected by this exploit. However, it is highly likely that Angler may be upgraded in future releases to target a wider variety of operating systems and Web browsers with this vulnerability. A patch for this vulnerability has not yet been released, making computer users vulnerable to Swifti infections.
Other Threats Associated with Swifti
Swifti is not the only threat being distributed using this exploit. Another threat associated with these attacks is known as Bedep. Bedep is a distribution botnet that may then be used to deliver multiple threats to the victim's computer. Bedep is being used to install threats that manipulate advertisement networks to make it seem as if the computer user has clicked or viewed multiple advertisements in order to generate revenue. This type of advertisement fraud is a typical way of generating revenue at the expense of computer users. Malware researchers consider the exploit associated with Swifti and Bedep to be a severe threat. This is not due to the strength or destructive potential of the attack, but rather to the widespread use of Flash and the lack of a patch.