BKDR_POISON.DOC

By Domesticus in Backdoors

Threat Scorecard

Ranking: 12,071
Threat Level: 50 % (Medium)
Infected Computers: 157
First Seen: April 27, 2012
Last Seen: July 1, 2023
OS(es) Affected: Windows

The BKDR_POISON.DOC Trojan is a malware infection that is closely linked to TROJ_ARTIEF.DOC, a malicious RTF file that is part of a spam email campaign. BKDR_POISON.DOC is a backdoor Trojan; that is, it installs a backdoor on the victim's computer system. A backdoor is an opening in the infected computer's security that criminals can use to access the system from a remote location. Since BKDR_POISON.DOC uses a vulnerability in Microsoft Word to infiltrate a computer system, ESG malware researchers recommend keeping this application (and all of your software) fully updated and avoiding opening unsolicited email attachments.

BKDR_POISON.DOC presents no obvious symptoms, since this kind of attack works best if the victim is not aware that the computer is infected. With the help of the BKDR_POISON.DOC backdoor, criminals can use a keylogger and a remote access tool, add malware that allows them to track your activities, steal your personal information, and even control your computer directly, just as if they were sitting in front of the keyboard. Because of this, if you suspect that your computer system has been exposed to BKDR_POISON.DOC, ESG malware researchers strongly recommend taking action with a reliable anti-malware program immediately.

How Criminals Distribute BKDR_POISON.DOC

Like most Trojans, BKDR_POISON.DOC has no way of spreading on its own. These kinds of malware infections take their name from the famous Trojan Horse, which was used to trick the people of Troy into thinking that it was a gift while actually being full of soldiers. Trojans work in a similar way: they are designed to convince the victim that they are beneficial files, but they actually contain a payload which, once installed, wreaks havoc on the infected computer system. However, they cannot spread on their own and require the victims themselves to download and execute them (or the help of a secondary attacker).

To carry out its attack, BKDR_POISON.DOC uses a malicious RTF file which pretends to contain news about North Korea's failed missile launch. Using a known vulnerability in Microsoft Word, criminals can use this disguised RTF file to install BKDR_POISON.DOC on the infected computer system without the victim's knowledge. Like many advanced backdoor Trojans, BKDR_POISON.DOC has spy capabilities of its own. The only symptom that a BKDR_POISON.DOC infection may present is the opening of TCP port 443 in order to connect to its Command and Control server.
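
Since TCP port 443 traffic is the only symptom described above, a defender can triage a Windows host by listing which processes hold established connections to remote port 443 and reviewing any that are not expected HTTPS clients. The following is an added example, not part of the original write-up: the sample `netstat -ano` and `tasklist /fo csv /nh` output is constructed, and the process names and allowlist are assumptions to be adjusted per environment.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2208
  TCP    [fe80::1]:49800        [2001:db8::5]:443      ESTABLISHED     5120
  TCP    192.168.1.20:49731     198.51.100.9:80        ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv /nh` output (hypothetical process names).
TASKLIST_SAMPLE = '''\
"svchost.exe","912","Services","0","9,120 K"
"chrome.exe","2208","Console","1","150,332 K"
"unknown_app.exe","4312","Console","1","64,008 K"
"updater.exe","5120","Console","1","3,204 K"
'''

# Assumption: processes expected to speak HTTPS on this host; tune per environment.
EXPECTED_HTTPS = {"chrome.exe", "msedge.exe", "firefox.exe", "svchost.exe"}

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    return {int(row[1]): row[0].lower()
            for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}

def unexpected_443(netstat_text, tasklist_csv, allow=EXPECTED_HTTPS):
    """Established TCP/443 sessions owned by processes outside the allowlist."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows (no state) and the header are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        remote, pid = f[2], int(f[4])
        # rpartition also handles bracketed IPv6 such as [2001:db8::5]:443.
        if remote.rpartition(":")[2] != "443":
            continue
        name = names.get(pid, "<unknown>")
        if name not in allow:
            hits.append((name, pid, remote))
    return hits
```

Calling `unexpected_443(NETSTAT_SAMPLE, TASKLIST_SAMPLE)` returns the two non-allowlisted sessions. Port 443 is also ordinary HTTPS, so a hit is a lead for review rather than a verdict.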
