By ESGI Advisor in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 18
First Seen: October 9, 2013
Last Seen: February 21, 2022
OS(es) Affected: Windows

The Foidan family of Trojans is a group of threats that are designed to alter how the victim's Web browser behaves. Criminals may use Foidan to cause browser redirects, spy on the victim's online activities and take over the victim's Web browser in a variety of ways. Foidan attacks seldom occur on their own and Foidan Trojans may be coupled with other types of threats. If your computer is infected with a variety of Foidan, it is important to use a strong, reliable anti-malware application to protect your computer.

Attack Tactics of Foidan and Similar Trojans

The origin of the Trojan name is the Trojan Horse from the Iliad. Like the legendary Trojan Horse, Trojans carry out a similar tactic to infiltrate a computer. A Trojan is usually disguised as a legitimate file or beneficial program which, once opened, delivers an unsafe payload in the form of harmful code that may cause a variety of problems on the victim's computer. Foidan Trojans are no exception. Trojans in the Foidan family of threats may be disguised as video codecs or as PDF file attachments. Once opened, they install threatening components on the victim's computer which are programed to seize the victim's PC and monitor its online activities. Trojans in the Foidan family may also cause other problems on the victim's computer, affecting the infected computer's performance and Internet connectivity. Other characteristics of some Foidan variants include the ability to block legitimate security software and make PC security researchers' work more difficult by preventing the study of these suspicious files on virtual machines or using tools commonly used to study threats in a control environment.

The Purpose of Trojans in the Foidan Family of Malware

In the end, the main purpose of threats in the Foidan family is to generate revenue at the expense of the computer user. Trojans that take over the victim's Web browser allow criminals to generate profits in a variety of ways. For example, criminals may use Foidan Trojans to spy on the victim's online activities. Data gathered in this way may be used to deliver targeted advertisements to the victim's Web browser. Foidan Trojans may also be used to force computer users to visit certain websites in order to boost these pages' page ranking and generate significant profits from advertising and marketing.

File System Details

Foidan may create the following file(s):
# File Name Detections
1. %APPDATA% \ie_util.exe
2. %APPDATA% \fnmod_32.exe

Registry Details

Foidan may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "FNModuleUpdater" = "%APPDATA%\fnmod_32.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IExplorer Util" = "%APPDATA%\ie_util.exe"


Most Viewed