
BKDR_SIMBOT.SMC

By GoldSparrow in Backdoors

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 6
First Seen: May 13, 2014
Last Seen: February 18, 2021
OS(es) Affected: Windows

BKDR_SIMBOT.SMC is a backdoor Trojan that has been distributed recently by exploiting a zero-day vulnerability in Microsoft Word. Vulnerabilities of this type are particularly threatening because they may be exploited before appropriate security protections can be established. This vulnerability, cataloged as CVE-2014-1761, was first uncovered in March. Although Microsoft patched it in April, third parties have continued to exploit it since then to distribute threats like BKDR_SIMBOT.SMC. This is why security analysts recommend updating all software on your computer, Microsoft Word in particular. BKDR_SIMBOT.SMC has been involved in targeted attacks on institutions located in Taiwan in April and May.

The Main Targets of BKDR_SIMBOT.SMC Are Taiwanese Institutions

The two targeted institutions in Taiwan were a government agency and an educational institution. In both cases, the BKDR_SIMBOT.SMC attack began with a malicious email message carrying a file attachment that contained an exploit for the Microsoft Word vulnerability, used to execute threatening code on the targeted computer. Several intermediary infections may be involved in a BKDR_SIMBOT.SMC attack. Once installed, BKDR_SIMBOT.SMC allows other persons to take over the victim's computer in order to control it remotely, gather data or use it in other unsafe activities. BKDR_SIMBOT.SMC is a severe threat to a computer's security and should be dealt with immediately. A fully updated, reliable security tool will be a decisive help in removing BKDR_SIMBOT.SMC.

BKDR_SIMBOT.SMC is Part of a Larger Threat Campaign

Malware analysts suspect that the recent BKDR_SIMBOT.SMC attacks are part of Taidoor, a widespread threat campaign that has been active since 2009. This suspicion is based on strategies that most Taidoor attacks may have in common:

  • Taidoor attacks may begin with a social engineering lure in the form of a targeted email message containing a malicious file attachment.
  • Rather than being general attacks, Taidoor attacks may be targeted toward specific institutions, which may be industrial or belong to the government.
  • Taidoor attacks use zero-day exploits like the one used in this case to distribute BKDR_SIMBOT.SMC.
