Trojan:Win32/Tobfy.H
Threat Scorecard
Threat Level: 90 % (High)
Infected Computers: 1
First Seen: November 27, 2012
Last Seen: April 28, 2020
OS(es) Affected: Windows
There have been recent reports that the criminals responsible for the Koobface botnet are involved in scams that distribute dangerous ransomware, using Trojan:Win32/Tobfy.H in their attacks. The attack has several components: the Trojan:Win32/Tobfy.H Trojan connects to a Command and Control server to receive instructions from the criminals behind the attack and to install additional malware on the victim's computer. In January of this year, malware researchers exposed the identities of the criminals responsible for the infamous Koobface botnet. This was a devastating blow to the botnet, which appears to be currently offline thanks to the action of malware analysts. Unfortunately, these criminals are still active and are still involved in developing and distributing malware.
The leader of this ring of criminals is the Russian hacker Anton Nikolaevich Korotchenko, who goes by the alias KrotReal. According to intelligence gathered by PC security researchers, he is currently involved in two criminal activities related to computer crime: creating browser hijackers to exploit black hat SEO techniques, and creating localized ransomware distribution networks that charge other criminals for installing these kinds of threats. Trojan:Win32/Tobfy.H belongs to this second scam. The two attacks are closely related: the black hat SEO scam drives traffic to attack websites that distribute Trojan:Win32/Tobfy.H and similar ransomware threats.
This group of criminals uses browser hijackers to force computer users to visit certain websites repeatedly. This drives up the traffic to these websites, allowing the criminals to profit significantly from advertising revenue. The browser hijackers involved in this scam take over the infected computer and force it to visit certain websites without the computer user's authorization. Many of these websites contain pornographic content, which may also appear in pop-up windows. Trojan:Win32/Tobfy.H is hosted on a couple of these websites. When the victim's computer is infected with Trojan:Win32/Tobfy.H, it connects to the same command and control server used by these browser hijackers in order to install localized ransomware. This means that Trojan:Win32/Tobfy.H will download a ransomware Trojan variant that corresponds to the infected computer's geographical location, typically police ransomware that displays a fake message from that country's police agency, written in that country's language.