
TROJ_PIDIEF.KFR

By Domesticus in Trojans

Threat Scorecard

Ranking: 8,832
Threat Level: 80 % (High)
Infected Computers: 122
First Seen: May 14, 2012
Last Seen: September 10, 2023
OS(es) Affected: Windows

The TROJ_PIDIEF.KFR Trojan is an infection that is part of a malware attack targeting human rights activists in Non-governmental Organizations (NGOs) supporting Tibet. One of the characteristics of the TROJ_PIDIEF.KFR scam that has caught the attention of PC security researchers is the fact that TROJ_PIDIEF.KFR impersonates FireEye, a known, legitimate security firm. In fact, the email used to deliver TROJ_PIDIEF.KFR includes details such as the firm's logo and personal information about one of that security firm's researchers (such as his phone number, email address, and signature). Even worse, the TROJ_PIDIEF.KFR email appears to come from an email address connected to FireEye.

In fact, TROJ_PIDIEF.KFR was first uncovered and announced to the world by the same FireEye researcher whose identity is used in these malicious email messages: Alex Lanstein. Apparently, he had sent an email message to one of the victims of a previous email scam targeted at pro-Tibet human rights activists. This may have given the people behind these attacks the idea of reusing his email address, personal information, and message body as part of their ongoing attack against these organizations. If you believe that you have been in contact with this malicious email message and its contents, ESG security analysts strongly recommend performing a complete scan of your PC with a reliable anti-virus program.

Victims of TROJ_PIDIEF.KFR receive an email message claiming that the FireEye security firm needs the victim's permission to publish a blog post in which the computer user's name is mentioned. This section of the email's body reads:

'I would love to write a blog entry at my corporate site about a few attacks and mention you by name. Keep in mind that I already have this information, but I would like your permission in addition, as it might not have been an IT person who uploaded the file, not specifically you.'

However, the sender address used in this message is not the researcher's real one. In fact, the actual email address has previously been linked to other email scams targeted at pro-Tibet activists. TROJ_PIDIEF.KFR is a fairly typical dropper Trojan. Disguised as a legitimate PDF file, TROJ_PIDIEF.KFR is designed to run malicious embedded JavaScript which downloads and installs a backdoor Trojan known as BKDR_INJECT.KFR onto the victim's computer system. This backdoor Trojan's command and control server is located in China. TROJ_PIDIEF.KFR's end goal is to send information about the victim (such as online passwords, sensitive files, and cell phone information) to this Chinese server.
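The dropper described above relies on JavaScript embedded in a PDF that runs as soon as the document is opened. The following triage script is an added example, not code from this page or from ESG: it looks for the PDF name objects that carry script (/JavaScript, /JS, /Launch) together with the ones that trigger it automatically (/OpenAction, /AA), after decoding the `#xx` hex escapes that are commonly used to hide such names. The two sample PDFs are constructed inline; the function names are this example's own.

```python
import re
from typing import Dict

# PDF name objects that carry executable content or trigger it automatically.
SCRIPT_NAMES = ("/JavaScript", "/JS", "/Launch")
TRIGGER_NAMES = ("/OpenAction", "/AA")

# Hex escapes inside a name (e.g. /J#61vaScript) are a common way to evade
# naive string matching, so they are decoded before matching.
_NAME_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data: bytes) -> bytes:
    """Decode #xx escapes so /J#61vaScript becomes /JavaScript."""
    return _NAME_HEX.sub(lambda m: bytes.fromhex(m.group(1).decode()), data)


def count_indicators(pdf_bytes: bytes) -> Dict[str, int]:
    """Count each suspicious name in the raw (normalised) PDF bytes."""
    data = normalise_names(pdf_bytes)
    counts = {}
    for name in SCRIPT_NAMES + TRIGGER_NAMES:
        # A delimiter must follow the name, so /JS does not match /JSON
        # and /AA does not match /Author.
        pattern = re.escape(name.encode()) + rb"(?=[\s/\[\]<>(\d])"
        counts[name] = len(re.findall(pattern, data))
    return counts


def is_suspicious(pdf_bytes: bytes) -> bool:
    """Flag a PDF that both embeds script and runs it without user action."""
    c = count_indicators(pdf_bytes)
    has_script = any(c[n] > 0 for n in SCRIPT_NAMES)
    auto_trigger = any(c[n] > 0 for n in TRIGGER_NAMES)
    return has_script and auto_trigger


# Constructed samples: a minimal clean PDF and one whose catalog points an
# /OpenAction at a JavaScript action with an obfuscated action type name.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
              b"2 0 obj<</Type/Pages/Kids[]/Count 0>>endobj\n%%EOF")
MALICIOUS_PDF = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R/OpenAction 3 0 R>>endobj\n"
                 b"3 0 obj<</S/J#61vaScript/JS(app.alert(1))>>endobj\n%%EOF")


def scan_file(path: str) -> bool:
    """Convenience wrapper: return True if the PDF at `path` looks suspicious."""
    with open(path, "rb") as fh:
        return is_suspicious(fh.read())


if __name__ == "__main__":
    print("benign:", is_suspicious(BENIGN_PDF), "malicious:", is_suspicious(MALICIOUS_PDF))
```

This is a triage heuristic only: a PDF that compresses its objects in object streams would need decompressing before the names become visible, so treat a negative result as inconclusive.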

File System Details

TROJ_PIDIEF.KFR may create the following file(s):
# File Name Detections
1. %User Temp%\Winscript.js
