
Troj/DexFont-A

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: November 26, 2012
Last Seen: April 16, 2021
OS(es) Affected: Windows

Troj/DexFont-A is a dangerous Trojan infection that has been linked to a recent wave of attacks involving hacked GoDaddy websites. These attacks have been taking place since early November of 2012. They deliver ransomware Trojans to victims' computer systems, typically designed to display fake messages from the police. Troj/DexFont-A infections in this attack are implemented by tampering with the DNS records of websites hosted by Go Daddy, a popular web hosting service. GoDaddy is, in fact, the largest domain-name registrar in the world, meaning that these attacks have already affected a large number of computer systems and have the potential to reach numerous others.

All the computer systems connected to the Internet, and the websites hosted on them, have names known as host names. DNS is the system that translates these names into a number known as an IP address. DNS is necessary because IP addresses change constantly as locations, machines, networks and resources move; DNS allows the name-to-address mapping to be updated quickly while the host names themselves remain constant. Criminals have managed to hack the Go Daddy websites by making changes to a website's DNS records, adding entries for new sub-domains that point to IP addresses of attack websites. These added sub-domains resolve in the background while the main website loads (sub-domains are legitimately used to add content from multiple sources, such as social media or advertisement servers). The danger of this kind of attack is that the legitimate website still loads under its legitimate URL, which may allow the attack to bypass security software on the victim's computer. The malicious IP addresses correspond to attack servers running the Russian-made Cool EK exploit kit, which is quite similar to the popular BlackHole exploit kit. This exploit kit delivers various malware threats to the victim's computer, including the Troj/DexFont-A Trojan.
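The DNS-record tampering described above can be caught by a site owner who periodically diffs the zone their registrar or hoster publishes against a known-good baseline and flags any record pointing outside their own address ranges. This is an added example, not code from the original page or from any vendor; the zone export, the baseline, the IP ranges (documentation prefixes) and the `audit_zone` function are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: the records the site owner knows they published.
BASELINE = {
    ("example.com.", "A", "198.51.100.10"),
    ("www.example.com.", "A", "198.51.100.10"),
    ("example.com.", "MX", "10 mail.example.com."),
}

# Constructed allow-list: the only address ranges the owner's hosting uses.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed zone export in "name type value" form, as a hoster's control
# panel or a zone dump might show it. The last line was never created by
# the owner and points at an address outside the trusted range.
CURRENT_EXPORT = """\
example.com.        A   198.51.100.10
www.example.com.    A   198.51.100.10
example.com.        MX  10 mail.example.com.
xq7rt.example.com.  A   203.0.113.45
"""

def parse_records(text):
    """Turn a whitespace-separated export into a set of (name, type, value)."""
    records = set()
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            records.add((parts[0], parts[1].upper(), parts[2].strip()))
    return records

def audit_zone(export_text, baseline=BASELINE, trusted=TRUSTED_NETS):
    """Return (reason, record) findings: records added since the baseline,
    records removed from it, and A/AAAA records resolving outside trusted."""
    current = parse_records(export_text)
    findings = []
    for rec in sorted(current - baseline):
        findings.append(("not in baseline", rec))
        name, rtype, value = rec
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:  # malformed address: still reported as added
                continue
            if not any(addr in net for net in trusted):
                findings.append(("resolves outside trusted ranges", rec))
    for rec in sorted(baseline - current):
        findings.append(("missing from current zone", rec))
    return findings

if __name__ == "__main__":
    for reason, rec in audit_zone(CURRENT_EXPORT):
        print(f"{reason}: {' '.join(rec)}")
```

Running the audit on a schedule and alerting on any finding turns a silent sub-domain addition into a detectable event, independent of whether the hoster's own change log is trustworthy.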

Apart from Troj/DexFont-A, several other malware components are involved in this complicated, multi-stage attack. First, the victim's web browser is redirected to the exploit kit's landing page. Troj/DexFont-A then abuses a known vulnerability in order to drop other malware on the victim's computer. A separate malicious JAR file is used to take advantage of vulnerabilities in Java to execute malicious code. Finally, the payload, a common ransomware Trojan, is installed on the victim's computer.
