Gen:Variant.Graftor.15447
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: 80 % (High)
Infected Computers: 20
First Seen: March 13, 2012
Last Seen: April 28, 2023
OS(es) Affected: Windows
As of March 2012, ESG has received multiple reports of an online scam that attempts to compromise computer systems by exploiting the constant presence of the nuclear tensions with Iran in the current news cycle. ESG malware analysts believe that Gen:Variant.Graftor.15447 originates in China and, at least at some level, is attempting to target computer users belonging to the United States military or related institutions. The main exploit arrives as a Microsoft Word document (with the .doc extension) sent out in malicious spam email. This document is titled "Iran's Oil and Nuclear Situation.doc" and clearly attempts to pique the curiosity of computer users interested in the current political tensions between Iran and the Western world.
An Overview of the Actual Gen:Variant.Graftor.15447 Attack
The document contains an exploit that attempts to load a video file in MP4 format from a malicious IP address. This MP4 file is not a real video: it carries only a valid MP4 header, enough to make the system treat it as an MP4. When Adobe Flash attempts to process it, the file triggers a known vulnerability in that application, CVE-2012-0754, which allows Gen:Variant.Graftor.15447 to drop an executable file embedded in the original Microsoft Word document. The MP4 file evades anti-virus software because it is streamed from the web, so by the time an anti-virus program can scan it, the exploit has already run. The executable embedded in the DOC file is also well hidden, obfuscated in several ways to prevent its detection. Gen:Variant.Graftor.15447 is the actual backdoor, which is installed through a remote server in China. Once installed, Gen:Variant.Graftor.15447 connects to its control server and waits for orders from the criminals behind it.
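The evasion described above relies on a file that looks like an MP4 only at the header level. A triage step a responder can run on any "video" fetched by a document is to walk the MP4 box (atom) structure and check that the file is complete beyond its header. The script below is an added example, not code from ESG, EnigmaSoft or the malware itself; it assumes nothing about the real sample, and the three byte strings it checks are constructed here for illustration (a minimal well-formed MP4, a header-only decoy, and a decoy whose second box declares a size larger than the file).

```python
import struct

# Top-level boxes a playable MP4 is expected to carry (ISO/IEC 14496-12).
REQUIRED_BOXES = {b"ftyp", b"moov", b"mdat"}


def walk_boxes(data: bytes):
    """Yield (offset, box_type, declared_size, truncated) for each top-level box.

    Stops at the first box whose declared size does not fit in the file,
    reporting it as truncated; box_type is None if fewer than 8 bytes remain.
    """
    off, n = 0, len(data)
    while off < n:
        if n - off < 8:
            yield off, None, n - off, True
            return
        size, btype = struct.unpack(">I4s", data[off:off + 8])
        hdr = 8
        if size == 1:  # 64-bit "largesize" follows the 8-byte header
            if n - off < 16:
                yield off, btype, n - off, True
                return
            size = struct.unpack(">Q", data[off + 8:off + 16])[0]
            hdr = 16
        elif size == 0:  # box extends to end of file
            size = n - off
        if size < hdr or off + size > n:
            yield off, btype, size, True
            return
        yield off, btype, size, False
        off += size


def assess_mp4(data: bytes) -> dict:
    """Classify a file that claims to be MP4 as ok / suspicious / not-mp4."""
    boxes = list(walk_boxes(data))
    types = [b for _, b, _, _ in boxes if b is not None]
    truncated = any(b[3] for b in boxes)
    missing = sorted(t.decode() for t in REQUIRED_BOXES - set(types))
    if not types or types[0] != b"ftyp":
        verdict = "not-mp4"          # does not even start with a file-type box
    elif truncated or missing:
        verdict = "suspicious"       # valid header, but no complete video behind it
    else:
        verdict = "ok"
    return {
        "boxes": [t.decode("latin-1") for t in types],
        "truncated": truncated,
        "missing": missing,
        "verdict": verdict,
    }


def _box(btype: bytes, payload: bytes) -> bytes:
    """Build one MP4 box with a 32-bit size field (helper for the samples)."""
    return struct.pack(">I4s", 8 + len(payload), btype) + payload


# Constructed samples (not real captures).
_FTYP = _box(b"ftyp", b"isom" + b"\x00\x00\x02\x00" + b"isomiso2mp41")
GOOD_SAMPLE = _FTYP + _box(b"moov", _box(b"mvhd", b"\x00" * 100)) + _box(b"mdat", b"\x00" * 32)
DECOY_HEADER_ONLY = _FTYP                      # nothing after the file-type box
DECOY_OVERSIZE = _FTYP + struct.pack(">I4s", 0x7FFFFFFF, b"moov") + b"A" * 40

if __name__ == "__main__":
    for name, blob in [("good", GOOD_SAMPLE),
                       ("header-only", DECOY_HEADER_ONLY),
                       ("oversize", DECOY_OVERSIZE)]:
        print(name, assess_mp4(blob))
```

A "suspicious" verdict on a file that a document fetched over the network is a strong signal worth pairing with the fetch itself (an Office process reaching out to a bare IP) in detection logic; a genuine video download will carry complete moov and mdat boxes.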
Gen:Variant.Graftor.15447 is Clearly a Targeted Attack
PC security analysts routinely create email accounts designed purely to attract spam. The Gen:Variant.Graftor.15447 attack does not appear to have targeted these kinds of accounts, or the general public in particular. This malware threat has been found among emails from a massive phishing attack attributed to an entity known as Operation Aurora, in China, targeted specifically at military officers in the United States and in Taiwan. The Gen:Variant.Graftor.15447 backdoor is quite persistent and extremely difficult to detect. It is essential to keep your security software, applications and operating system fully updated in order to shut down all exploits and vulnerabilities that Gen:Variant.Graftor.15447 takes advantage of.