BKDR_MECIV.AF

By ZulaZuza in Backdoors

BKDR_MECIV.AF is the final component of a multi-component malware attack commonly known as Enfal. This dangerous Trojan infection involves two parts: a Trojan dropper, known as TROJ_ARTIEF.JN, which is contained in a malicious email message, and BKDR_MECIV.AF itself, the backdoor component of this infamous malware attack. While Enfal was mainly active in September of 2011, ESG security researchers have recently detected an updated version of Enfal that is using these components to carry out attacks all around the world. ESG security researchers estimate that about eight hundred computers have become infected by Enfal and the BKDR_MECIV.AF backdoor Trojan. While this number is not as high as that of other Trojan infections that cast a wider net, the main danger of BKDR_MECIV.AF and Enfal is that criminals use this Trojan to seek out and infect high-profile targets. Most BKDR_MECIV.AF infections are centered on computers that belong to government agencies, aerospace or nuclear facilities, diplomatic outposts and pro-Tibet organizations.

BKDR_MECIV.AF's targets are distributed all around the world. Most infected computers are centered in the Russian Federation, Vietnam and Mongolia. However, there are numerous infected computers in the United States, the Middle East, India and the Philippines. It is clear that criminals have chosen these targets because they have buyers in mind for the information that they can steal using BKDR_MECIV.AF. For example, some of the main targets of BKDR_MECIV.AF attacks are pro-Tibet organizations. Chinese agencies intent on fighting the pro-Tibet movement are clearly the most obvious buyers for this kind of data, which can be quite lucrative. Other important organizations that have been infiltrated with BKDR_MECIV.AF include important government institutions, consulates, embassies, and nuclear research facilities.

BKDR_MECIV.AF is installed using the TROJ_ARTIEF.JN Trojan, which exploits known vulnerabilities in Microsoft Word in order to run malicious code on the compromised machine. Once installed, BKDR_MECIV.AF can be used to carry out several malicious tasks on the infected computer. BKDR_MECIV.AF installs what is known as a backdoor. Like a physical back door that allows people to enter a building undetected, the backdoor installed by BKDR_MECIV.AF is an unauthorized opening in the infected computer's security. Using this opening, criminals can install other malware, steal information, spy on the infected computer, and even control the infected computer from a remote location. The fact that BKDR_MECIV.AF is usually used to infiltrate high-profile targets often means that BKDR_MECIV.AF can have devastating political or economic consequences.
