By ESGI Advisor in Malware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: March 12, 2012
Last Seen: October 17, 2018
OS(es) Affected: Windows

Enfal is a Trojan infection that has been involved in various attacks all around the world. While Enfal was involved in a large string of attacks in September of 2011, ESG security researchers have uncovered an updated version of this dangerous Trojan infection that has attacked nearly one thousand computers all around the world. While this may not seem like an impressive number, it is important to note that attacks involving the Enfal Trojan have targeted high-priority targets. These include computers belonging to government institutions, embassies and consulates, and important science and aerospace government agencies and companies. Due to the high-profile threat posed by this dangerous Trojan infection, ESG security researchers strongly advise computer users involved in sensitive industries or activities to protect their computers from an Enfal Trojan attack through the use of a reliable, fully updated, powerful anti-malware program.

ESG malware analysts have found that most of the worldwide Enfal attacks are concentrated in Russia, Mongolia and Vietnam. Other Enfal attacks have managed to infect computers in China, the Middle East and India. Unlike other Trojans that cast a wide net, Enfal attacks involve important targets. This updated version of Enfal specifically targets suppliers and contractors for these countries' military organizations. It also seems to target nuclear facilities and organizations that support Tibet. The main difficulty when dealing with Enfal infections is recognizing that a computer has become infected with this threat.

ESG security researchers have observed that Enfal infections begin with an email message containing a malicious file attachment. These scam email messages are often well written and include content that may fool computer experts. For example, one of the attacks that was used to infect computers belonging to pro-Tibet groups supposedly announces a general meeting of Tibetans and includes believable dates, formatting and content. The Enfal attack is contained in a file in DOC format (a Microsoft Word document). Despite appearing to be a harmless Microsoft Word file, this DOC file is actually a Trojan infection detected as TROJ_ARTIEF.JN. Taking advantage of the vulnerability in Microsoft Office known as CVE-2012-0158, this Trojan infection installs a backdoor Trojan named BKDR_MECIV.AF on the infected computer. This backdoor allows criminals to gain unauthorized access to the compromised computer.
