BKDR_INJECT.KFR
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Metric | Value |
---|---|
Ranking | 7,159 |
Threat Level | 20 % (Normal) |
Infected Computers | 2,707 |
First Seen | May 10, 2012 |
Last Seen | September 19, 2023 |
OS(es) Affected | Windows |
If you have been alerted to the presence of BKDR_Inject.KFR, your computer has been infected and your data and hard drive are at risk. BKDR_Inject.KFR is part of a malicious email spam operation involving multiple Trojans, and it shows how cybercriminals cook up new scams every day to trap unsuspecting computer users.
The Internet security community constantly studies malware cases, both to better inform the public of potential dangers and to shape products that combat attacks. It is rare, however, for case studies to publicly identify the targets or victims by name, something Alex Lanstein of FireEye wanted to do for a security blog he authors. While he was seeking permission from the identified victims whose cases had been documented on VirusTotal, attackers intercepted and spoofed his email to trap other unsuspecting Tibetan victims. Apart from a font change and a minor giveaway in the footer referencing .cn (China), which many would easily overlook, the spoofed email was a replica and read as follows:
Hello,
My name is Alex Lanstein with a security company called FireEye. We deal with targeted attacks against large organizations that come in via email attachment or email links. Essentially, I do malware analysis for a living.
If I have you on the BCC list, you have submitted more than one targeted malicious attachment to virustotal over the past few months. Please understand that when you send a file to VT, many researchers like myself get a copy of the email in order to test our products.
I would love to write a blog entry at my corporate site about a few of these attacks and mention you by name. Keep in mind I already have this information, but would like your permission in addition, as it might not have been an IT person who uploaded the file, not you specifically.
Thanks in advance,
Alex Lanstein
Senior Systems Engineer
Direct: +1(860)625-4277
Email: alanstein@fireeye(dot)com
Malware Protection System
http://www(dot)FireEye(dot)com
The spear-phishing email included a malicious PDF that, when clicked, exploited an older Adobe Flash vulnerability, allowing it to connect to a malicious URL and download BKDR_Inject.KFR, a RAT (remote access Trojan) that gives an attacker remote access. That unauthorized access could easily let the attacker gain administrative control of the infected system and secretly use its resources, either to distribute mass email spam or to wage a DNS strike.
Attackers hope to operate seamlessly in the background, without fanfare, while the victim keeps working none the wiser. An overload of system resources could cause an unexpected system crash, threatening the integrity of the operating system and the victim's valuable data. Other likely consequences include:
- Theft of vital data stored on the browser cache or entered into web-based forms
- Theft of email addresses in HTML files or on the hard drive
- Installation of a rogue security program that wages an assault of fake alerts, scans and reporting to scare the victim into buying fraudulent software
If your computer suddenly slows down or you notice other strange system behavior, such as an excessive number of pop-up advertisements that contradict your browser settings, use a reliable scanning tool to investigate. If infections are found, prepare to remove them. Not all anti-virus tools can search whitelisted areas, where malware likes to hide, so rely on anti-malware protection that digs deep and removes hidden malware without causing further harm to your system.
Going forward, you should implement key online safety practices to better guard your system against malicious attacks. For starters, keep anti-malware protection running at all times and keep your software patched to block exploits. Always use strong passwords, and verify the source of emails before clicking on links or attachments, in case the sender's email account was hacked or spoofed.
File System Details
# | File Name | Detections |
---|---|---|
1. | %User Temp%\conime.exe | |
Detections: the number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
URLs
BKDR_INJECT.KFR may call the following URLs:
birthdiscipline.com
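As an added example (not part of this scorecard and not SpyHunter's tooling), the following Python script hunts for the two indicators listed above: it expands the vendor's %User Temp% placeholder and checks for the dropped file, and it scans proxy/DNS log lines for the callback domain, matching subdomains but not look-alike names. The placeholder-to-variable mapping and the sample log lines are assumptions constructed for the example.

```python
"""Hunt for the BKDR_Inject.KFR indicators on this page (added example, not vendor code)."""
import os
import re

DROPPED_FILE = r"%User Temp%\conime.exe"    # from the File System Details table
CALLBACK_DOMAINS = {"birthdiscipline.com"}  # from the URLs section

# Assumed mapping from the vendor's placeholder token to the Windows variable
# it stands for; the scorecard does not document its own expansion rules.
PLACEHOLDERS = {"%User Temp%": "TEMP"}

# Pulls host names out of proxy/DNS log lines; IP addresses fail the alphabetic TLD.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample proxy/DNS log lines, not real captures.
SAMPLE_LOG = [
    "2012-05-10 09:14:02 10.0.0.5 GET http://www.birthdiscipline.com/ 200",
    "2012-05-10 09:14:05 10.0.0.5 GET http://www.example.org/index.html 200",
    "2012-05-10 09:15:11 10.0.0.7 DNS query birthdiscipline.com A",
    "2012-05-10 09:16:00 10.0.0.9 GET http://notbirthdiscipline.com/ 200",
]

def expand_placeholder(path, env=os.environ):
    """Replace a leading vendor placeholder with the live environment value."""
    for token, var in PLACEHOLDERS.items():
        if path.startswith(token):
            return env.get(var, token) + path[len(token):]
    return path

def file_indicator_present(env=os.environ):
    """True if the dropped file exists at its expanded path. Key on the full path:
    conime.exe is also a legitimate Windows binary name; the %User Temp% location matters."""
    return os.path.isfile(expand_placeholder(DROPPED_FILE, env))

def domain_matches(host):
    """Exact or subdomain match; a look-alike such as notbirthdiscipline.com
    must not match, so a plain substring search is deliberately avoided."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CALLBACK_DOMAINS)

def scan_log(lines):
    """Return (line_number, host) for each line contacting a callback domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if domain_matches(host):
                hits.append((n, host.lower()))
                break
    return hits
```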