
TROJ_ARTIEF.ZTBD-R

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 1
First Seen: May 13, 2014
Last Seen: September 9, 2019
OS(es) Affected: Windows

TROJ_ARTIEF.ZTBD-R refers to a vulnerability in Microsoft Word that has been used to carry out devastating threat attacks. Zero-day vulnerabilities, which receive their name because they are present from day one, before appropriate security countermeasures can be enacted, are particularly threatening. One zero-day vulnerability in Microsoft Word uncovered recently has become the focus of various threat attacks. This vulnerability, CVE-2014-1761, was first detected in March of 2014 and has been patched since April. However, despite the patch being available, many computer users have failed to update their software, meaning that their computers remain vulnerable to attackers who exploit this vulnerability in order to carry out their attacks. Recently, malware researchers have uncovered a threat attack targeting government agencies in Taiwan that used TROJ_ARTIEF.ZTBD-R and BKDR_SIMBOT.SMC to take advantage of the vulnerability mentioned above.

Analyzing the Attacks Involving TROJ_ARTIEF.ZTBD-R

The two attacks on Taiwanese targets involved government agencies and a school. The attacks begin with an email message carrying TROJ_ARTIEF.ZTBD-R as an attachment. The email messages use social engineering techniques to trick inexperienced computer users into opening the attachment. The TROJ_ARTIEF.ZTBD-R attachment drops the BKDR_SIMBOTDRP.ZTBD-R Trojan, a threatening backdoor Trojan that installs a couple of other infections, which in turn deliver the ultimate payload of the attack, BKDR_SIMBOT.SMC. This threat allows third parties to take over the infected PC remotely, monitor its contents, collect any data they desire and control it from a remote location.
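As an added illustration (not code from this entry or its vendor), the following Python correlates endpoint telemetry to surface the chain described above from a defender's side: an Office process spawning a non-allowlisted child whose process tree then makes a network connection. The event shape, the sample events and the allowlist are assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample telemetry (simplified Sysmon-like shape, assumed): Word spawns
# a dropper in Temp, which installs a second stage that calls out.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "WINWORD.EXE"},
    {"type": "process", "pid": 201, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"type": "process", "pid": 202, "ppid": 201, "image": r"C:\ProgramData\svc\svc.exe"},
    {"type": "network", "pid": 202, "dest": "203.0.113.7", "port": 443},
    {"type": "process", "pid": 300, "ppid": 100, "image": "WINWORD.EXE"},  # benign session
    {"type": "process", "pid": 301, "ppid": 300, "image": r"C:\Windows\splwow64.exe"},
]

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
ALLOWED_CHILDREN = {"splwow64.exe"}  # assumption: children Office legitimately spawns; tune per site

def descendants(procs, root):
    """All pids below root in the parent/child tree (depth-first walk)."""
    found, stack = set(), [root]
    while stack:
        cur = stack.pop()
        for pid, p in procs.items():
            if p["ppid"] == cur and pid not in found:
                found.add(pid)
                stack.append(pid)
    return found

def find_office_dropper_chains(events):
    """One alert per non-allowlisted child of an Office process; severity is 'high'
    when that child or anything it spawned made a network connection (backdoor stage)."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    net_by_pid = defaultdict(list)
    for e in events:
        if e["type"] == "network":
            net_by_pid[e["pid"]].append(e)
    alerts = []
    for pid, p in procs.items():
        parent = procs.get(p["ppid"])
        if parent is None or ntpath.basename(parent["image"]).lower() not in OFFICE_IMAGES:
            continue
        if ntpath.basename(p["image"]).lower() in ALLOWED_CHILDREN:
            continue
        subtree = {pid} | descendants(procs, pid)
        callouts = [n for q in sorted(subtree) for n in net_by_pid[q]]
        alert = {"office_pid": parent["pid"], "child_pid": pid, "child_image": p["image"],
                 "stages": len(subtree), "severity": "high" if callouts else "medium"}
        if callouts:
            alert["dest"] = callouts[0]["dest"]
        alerts.append(alert)
    return alerts
```

Run against the sample, the benign print-spooler child is ignored and the dropper tree is reported as a single high-severity alert.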

Placing TROJ_ARTIEF.ZTBD-R's Attack within a Larger Context

TROJ_ARTIEF.ZTBD-R attacks have been linked to Taidoor, a threat campaign that PC security researchers have followed since 2009. These types of attacks use similar network structures and tactics. In general, they may have the following strategic similarities:

  • These attacks may use a social engineering email message to lure victims into opening a corrupted attached file. These email messages are carefully targeted and worded in order to trick specific recipients.
  • These attacks may target related individuals or institutions and are very specific. Rather than being general threat campaigns, they may be tailored to a particular target.
  • The people behind these attacks may make use of zero-day vulnerabilities and exploits like TROJ_ARTIEF.ZTBD-R.
