
Trojan:AutoIt/Kilim.A

By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: June 12, 2013
Last Seen: February 9, 2020
OS(es) Affected: Windows

Social networks are rife with inexperienced computer users. Add to that the high volume of traffic that the most popular social networks receive and it is clear why they are such attractive targets for malware developers. With the growth of Twitter, Facebook, Pinterest and the like, these networks have become an increasingly important part of how criminals build and target malware. One reason in particular makes them so effective for distributing malware: users on social networks are more likely to trust a video link or file attachment sent by someone they know, a friend or contact on the network. This implicit trust can be used to spread malware very efficiently. ESG security researchers have come across numerous Trojans that take advantage of it, including Trojan:AutoIt/Kilim.A.

How Trojan:AutoIt/Kilim.A Enters a Computer

Password-stealing Trojans and banking malware have increased their presence on social networks in recent years. These infections often target web browsers in order to steal data directly from the victim's computer. Trojan:AutoIt/Kilim.A is designed to target the Google Chrome web browser. It is installed when the victim clicks on a malicious link distributed from other infected computers. These links are often shortened to hide their true destination; since link shortening and sharing are both commonplace on social networks, especially on Twitter, this usually does not attract undue attention. Once the victim has been tricked into downloading and running Trojan:AutoIt/Kilim.A, it makes changes to the infected computer's registry that cause it to start automatically when Windows is launched. It then connects to a remote server and downloads two malicious extensions for Google Chrome, which it force-installs through Chrome's ExtensionInstallForcelist policy (see Registry Details below) rather than through the browser's normal extension installation flow.

Distribution Methods of Trojan:AutoIt/Kilim.A

Once these extensions have been installed, they gain access to the victim's sessions on a variety of websites such as Facebook, Twitter and YouTube. Using the victim's accounts, Trojan:AutoIt/Kilim.A likes certain pages, follows profiles and sends out direct messages. These messages typically contain embedded links that lead further users to download and execute additional copies of Trojan:AutoIt/Kilim.A. Because the recipients see these messages coming from a trusted source, they are likely to click on the embedded links. While the versions of Trojan:AutoIt/Kilim.A observed by PC security researchers use a German-language message to accompany these links, variants of this scam exist for most countries around the world.

File System Details

Trojan:AutoIt/Kilim.A may create the following file(s):

1. %windir%\adobeflash\update.xml
2. %windir%\adobeflash2\update.xml

Registry Details

Trojan:AutoIt/Kilim.A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist "1" = "%windir%\AdobeFlash\update.xml"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist "2" = "%windir%\adobeflash2\update.xml"
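The ExtensionInstallForcelist policy is a legitimate Chrome enterprise setting; each value is normally of the form "<32-character extension id>;<update URL>", with the Chrome Web Store (https://clients2.google.com/service/update2/crx) as the expected update source. The indicator here is a force-list value that points at a local update manifest under %windir%. The following PowerShell audit script is an added example for this entry, not part of the original threat description or of any vendor tool: it enumerates the policy values in HKLM and HKCU, flags entries without a valid extension id or whose update source is a local or UNC path or a non-Web-Store URL, and checks for the two manifest paths listed above. The trusted-URL constant and the id format are assumptions based on Chrome's documented policy behaviour.

```powershell
# Added audit script (not part of the original threat entry). Flags Chrome
# ExtensionInstallForcelist values that resemble the Trojan:AutoIt/Kilim.A
# persistence described above. Assumes the value format "<id>;<update URL>"
# and that only the Chrome Web Store update URL is trusted.
$WebStoreUpdateUrl = 'https://clients2.google.com/service/update2/crx'
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)

function Test-ForcelistEntry {
    # Returns a list of reasons an entry is suspicious; empty means it looks legitimate.
    param([string]$Value)
    $reasons = @()
    $parts = $Value -split ';', 2

    # An id alone is valid: Chrome then defaults to the Web Store update URL.
    if ($parts.Count -eq 1 -and $parts[0] -match '^[a-p]{32}$') { return @() }

    if ($parts.Count -eq 2) {
        $id, $source = $parts
    } else {
        # No separator at all: the whole value is being used as an update source.
        $id = ''
        $source = $parts[0]
    }

    # Chrome extension IDs are exactly 32 lowercase letters in the range a-p.
    if ($id -notmatch '^[a-p]{32}$') {
        $reasons += "no valid extension id in entry (got '$id')"
    }

    $expanded = [Environment]::ExpandEnvironmentVariables($source)
    if ($expanded -match '^[A-Za-z]:\\' -or $expanded -match '^\\\\' -or $source -match '%\w+%') {
        $reasons += "update source is a local or UNC path, not a URL: '$expanded'"
        if (Test-Path -LiteralPath $expanded) {
            $reasons += "referenced manifest exists on disk: $expanded"
        }
    } elseif ($source -ne $WebStoreUpdateUrl) {
        $reasons += "update URL is not the Chrome Web Store: '$source'"
    }
    return $reasons
}

foreach ($key in $PolicyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, PSChildName, PSDrive and PSProvider.
        if ($p.Name -like 'PS*') { continue }
        $reasons = @(Test-ForcelistEntry -Value ([string]$p.Value))
        if ($reasons.Count -eq 0) {
            Write-Output "OK       $key\$($p.Name) = $($p.Value)"
        } else {
            Write-Output "SUSPECT  $key\$($p.Name) = $($p.Value)"
            $reasons | ForEach-Object { Write-Output "         - $_" }
        }
    }
}

# The manifest paths this entry lists, checked independently of the policy values.
foreach ($rel in 'adobeflash\update.xml', 'adobeflash2\update.xml') {
    $path = Join-Path $env:windir $rel
    if (Test-Path -LiteralPath $path) {
        Write-Output "SUSPECT  file present: $path"
    }
}
```

Run it from an elevated prompt so HKLM is readable in full. Because a force-listed extension is installed silently and cannot be removed by the user from chrome://extensions, cleaning up requires deleting the registry values (and the referenced manifest and extension files) rather than only uninstalling the extension in the browser; a non-empty policy on a machine that is not domain-managed deserves a closer look even when the id format is valid.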
