TROJ_RODECAP.SM

By Sumo3000 in Trojans

Threat Scorecard

Ranking: 2,343
Threat Level: 90 % (High)
Infected Computers: 9,347
First Seen: July 31, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

TROJ_RODECAP.SM is a Trojan that is part of a dangerous malware attack. ESG security researchers have received reports of TROJ_RODECAP.SM attacks with one feature that has caught the attention of PC security researchers. Spoofing is a common tactic that many kinds of malware and online scams use to trick inexperienced computer users. TROJ_RODECAP.SM, however, uses a technique known as header spoofing: it disguises its own network traffic so that the connection appears to go to a trusted source rather than to the malicious IP address it actually contacts, which hides the attack from anyone inspecting the traffic. Security researchers consider TROJ_RODECAP.SM a severe threat to a computer's security that should be removed immediately with the help of a reliable, fully updated anti-malware application.

What is the Objective of a TROJ_RODECAP.SM Attack?

Header spoofing is a technique that makes a request appear to belong to a particular domain in order to hide that it is really connected with a malicious domain. While other spoofing techniques modify the victim's operating system and files, TROJ_RODECAP.SM modifies the network traffic itself: after the infection has opened a connection to its server, and before the server sends any data, the malware inserts a trusted domain into the request header (the Host header of an HTTP request). The connection therefore goes to a malicious domain in Russia, while the request claims to be a connection to Google, so an administrator who relies on the host name or URL recorded by a proxy or HTTP log sees traffic to Google. The giveaway is the mismatch: the destination IP address of the connection does not belong to the domain named in the header, so comparing the two (or checking whether the infected host ever resolved that name) exposes the spoof. TROJ_RODECAP.SM's spoofing may be used to trick network administrators and has been observed in other infections, including various high-profile Trojans and remote access tools.
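The check described above, written out as an added example (it is not code from the original page or from any vendor analysis): each captured HTTP request is classified by comparing its Host header with the connection's destination address. The flows and the resolver table are constructed for illustration; the TEST-NET addresses 198.51.100.23 and 203.0.113.10 stand in for the attacker's server and a benign host, and the addresses listed for www.google.com are assumed, not looked up.

```python
"""Detect HTTP Host-header spoofing: a request whose Host header names a
trusted domain while the TCP connection goes to an address that domain
does not resolve to.  Added example; the flows and the resolver table
are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for a resolver: the addresses each hostname
# legitimately resolved to when the connection was made.  In practice this
# comes from passive DNS or from the infected host's own DNS queries.
RESOLVED: Dict[str, Set[str]] = {
    "www.google.com": {"142.250.74.100", "142.250.74.101"},
    "update.example.org": {"203.0.113.10"},
}


@dataclass
class HttpFlow:
    src_ip: str
    dst_ip: str
    dst_port: int
    raw_request: bytes  # first bytes of the client's HTTP/1.x request


def host_header(raw_request: bytes) -> Optional[str]:
    """Return the lower-cased Host header of an HTTP/1.x request, without
    any :port suffix, or None when the request carries no Host header."""
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1").lower()
            if host.startswith("["):  # bracketed IPv6 literal
                return host[1:host.find("]")]
            return host.split(":")[0]
    return None


def check_flow(flow: HttpFlow, resolved: Dict[str, Set[str]] = RESOLVED) -> str:
    """Classify one flow as 'ok', 'no-host', 'unknown-host' or 'mismatch'."""
    host = host_header(flow.raw_request)
    if host is None:
        return "no-host"
    try:  # a Host that is an IP literal is compared to the destination directly
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None:
        return "ok" if literal == ipaddress.ip_address(flow.dst_ip) else "mismatch"
    addrs = resolved.get(host)
    if addrs is None:
        return "unknown-host"
    return "ok" if flow.dst_ip in addrs else "mismatch"


# Constructed flows.  The second reproduces the pattern described above:
# the connection goes to an unrelated address (198.51.100.23, a TEST-NET
# address standing in for the attacker's server) but the request says Google.
FLOWS: List[HttpFlow] = [
    HttpFlow("10.0.0.5", "142.250.74.100", 80,
             b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),
    HttpFlow("10.0.0.5", "198.51.100.23", 80,
             b"POST /gate.php HTTP/1.1\r\nHost: www.google.com\r\n"
             b"User-Agent: Mozilla/4.0\r\nContent-Length: 0\r\n\r\n"),
    HttpFlow("10.0.0.5", "203.0.113.10", 8080,
             b"GET /x HTTP/1.1\r\nHost: 203.0.113.10:8080\r\n\r\n"),
    HttpFlow("10.0.0.5", "203.0.113.10", 80,
             b"GET / HTTP/1.0\r\n\r\n"),
]


def scan(flows: List[HttpFlow] = FLOWS,
         resolved: Dict[str, Set[str]] = RESOLVED) -> List[Tuple[str, Optional[str], str]]:
    """Return (dst_ip, host, verdict) for every flow that is not 'ok'."""
    out = []
    for f in flows:
        verdict = check_flow(f, resolved)
        if verdict != "ok":
            out.append((f.dst_ip, host_header(f.raw_request), verdict))
    return out


if __name__ == "__main__":
    for dst, host, verdict in scan():
        print(f"{verdict:13} dst={dst:15} host={host}")
```

Only the 'mismatch' verdict is the spoof itself; 'no-host' and 'unknown-host' are worth a look because a host that never issued a DNS query for the name in its Host header has no legitimate reason to have used it.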

The Tricks Used by TROJ_RODECAP.SM to Infect a Computer

To prevent infection by TROJ_RODECAP.SM, use a reliable anti-malware application that is fully updated, and avoid unsafe online content that may expose your computer to malware: websites that carry malicious advertisements, file-sharing networks, and Web pages that offer bogus pornographic material or promote known scams such as online casinos or pharmacies. One typical way in which TROJ_RODECAP.SM reaches a computer is as a fake video codec or media player that a Web page claims is required to view a video. Keeping your security software up to date and being careful when browsing the Web prevents most such attacks; an existing infection still has to be removed with an anti-malware scan.

File System Details

TROJ_RODECAP.SM may create the following file(s):
1. %User Profile%\APPLIC~1\clipsrv.exe
2. %System%\drivers\esentutl.exe
3. %System%\mqtgsvc.exe
4. %User Profile%\APPLIC~1\cmstp.exe

Each of these file names belongs to a legitimate Windows component (clipsrv.exe, esentutl.exe, mqtgsvc.exe and cmstp.exe all ship in %System% on systems where the component is installed), so check the directory rather than the file name: a copy under %User Profile%\APPLIC~1 or %System%\drivers is out of place, whereas %System%\mqtgsvc.exe sits where the genuine file would be and can only be told apart by its hash or signature, or by the autostart entry that launches it.

Registry Details

TROJ_RODECAP.SM may create the following registry entry or registry entries. The Policies\Explorer\Run keys are autostart locations that Explorer processes at logon, so every value found under them should be accounted for.

Keys:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run CmSTP = "%User Profile%\APPLIC~1\cmstp.exe /waitservice"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Esent Utl = "%System%\drivers\esentutl.exe /waitservice"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run MqtgSVC = "%System%\mqtgsvc.exe /waitservice"
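An audit of these autostart entries, as an added example that is not code from the original page: it parses a `reg export` of a Policies\Explorer\Run key and flags values whose image file carries one of the system-binary names listed above but lives outside the system directory, or whose arguments match the "/waitservice" value data listed for this family. The .reg text is constructed (placeholders expanded for a user named alice, plus one benign value), and the table of legitimate system directories is an assumption made here.

```python
"""Audit Policies\\Explorer\\Run autostart entries in a `reg export` (.reg)
file for Windows system-binary names that live outside the system
directory.  Added example: the .reg text is constructed, and the directory
table is an assumption made here."""
import re
from pathlib import PureWindowsPath
from typing import List, Tuple

# Constructed export of the HKCU key, with the placeholders expanded for
# one user plus one benign value.  The same parser handles HKLM and
# HKEY_USERS\.DEFAULT exports.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CmSTP"="C:\\Users\\alice\\AppData\\Roaming\\cmstp.exe /waitservice"
"MqtgSVC"="C:\\Windows\\System32\\mqtgsvc.exe /waitservice"
"Esent Utl"="C:\\Windows\\System32\\drivers\\esentutl.exe /waitservice"
"Backup"="\"C:\\Program Files\\Vendor\\backup.exe\" --quiet"
'''

# Assumed: where the legitimate binaries of these names live.  A real
# audit would take the list from the system's own %System% inventory.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
MIMICKED = {"clipsrv.exe", "esentutl.exe", "mqtgsvc.exe", "cmstp.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_run_values(reg_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, command) for each string value under any
    ...\\Policies\\Explorer\\Run key in a .reg export."""
    out, key = [], None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key and key.lower().endswith(r"\policies\explorer\run"):
            v = VALUE_RE.match(line)
            if v:
                # .reg files escape embedded quotes and backslashes
                data = v.group("data").replace('\\"', '"').replace("\\\\", "\\")
                out.append((key, v.group("name"), data))
    return out


def split_command(command: str) -> Tuple[str, str]:
    """Separate the image path from its arguments: honour a quoted path,
    otherwise cut after the first '.exe'."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    m = re.search(r"\.exe\b", command, re.IGNORECASE)
    if m:
        return command[:m.end()], command[m.end():].strip()
    return command, ""


def audit(reg_text: str = SAMPLE_REG) -> List[dict]:
    """Return one finding per suspicious Run value, with the reasons."""
    findings = []
    for key, name, command in parse_run_values(reg_text):
        image, args = split_command(command)
        path = PureWindowsPath(image)
        reasons = []
        if path.name.lower() in MIMICKED and str(path.parent).lower() not in SYSTEM_DIRS:
            reasons.append("system binary name outside the system directory")
        if "/waitservice" in args.lower():
            reasons.append("argument matches the value data listed for this family")
        if reasons:
            findings.append({"key": key, "value": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"{f['value']!r} -> {f['image']}: {'; '.join(f['reasons'])}")
```

On a live system, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" run.reg` and pass the file's contents to audit(); reg export writes UTF-16, so open it with encoding="utf-16". Note that the MqtgSVC value is caught only by its "/waitservice" argument: its image sits in the real System32 directory, which is exactly the case the File System Details section warns about.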
