Troj/Inject-QL

By SpideyMan in Trojans

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: October 11, 2011
Last Seen: April 25, 2023
OS(es) Affected: Windows

Troj/Inject-QL is a very dangerous malicious program used to compromise websites and secretly plant a Trojan downloader on them, so that visitors' PCs are infected automatically when they load the page.

If you do not know what malware traps to look out for, you might fall for the personalized sender's email address (most likely spoofed) or for a link that appears to show the company's URL, which is also false. Other telltale signs of a scam, spam or dubious link:

  • The message is poorly written, e.g. errors or improper use of grammar, spelling, sentence structure, etc.
  • An over-the-top teaser title asks you to 'click' to view some humorous, sexual, funereal or heavily covered news story, and the page also requires you to download a component or update, e.g. Flash.
  • You are presented with a web page that looks like YouTube or Facebook, but the URL in the browser does not match the official website's URL or address.

The use of SQL injectors like Troj/Inject-QL is on the rise, helping to compromise hundreds of thousands of websites that are poorly constructed or run outdated web applications. Troj/Inject-QL specifically is used to inject malicious SQL statements into database-driven web pages, triggering an error and allowing malicious code to be inserted. Worse, cybercrooks use stealth toolkits to automate the attacks, accelerating the exploit procedure.

When PC users fall victim to the poorly written IT Notice email spam, the link reroutes them to the website compromised with Troj/Inject-QL, allowing Mal-Generic-L, a Trojan downloader, to automatically infect the system.

Troj/Inject-QL is also part of an email spam campaign zipping through company portals and springing up on desktops. Imagine receiving an internal email or notice as follows:

Subject: IT Notice
Message body:
Dear all,
Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is moving, a few files deleted. Expert written virus removal tools to help us fully remove this virus, Please download and install the patch, obtain virus definitions, and run the removal tool. Download the tool from: [LINK]. Please Back Up Your System Databases, If any questions, please do not hesistate to contact IT department.

Every piece of malware is charged with the task of carrying one or more payloads.

If you fell victim to this latest ploy by cybercriminals and clicked on the malicious link in the IT Notice email spam, you should immediately notify your 'real' IT department, so they can quarantine and eradicate any viruses that slipped inside.

If you are using your own personal computer, disconnect it from the Internet to stop any new transmissions of data to a remote server and further spread of the virus.

Aggressive malware has the ability to cripple any security measures or programs on the infected system. You may be blocked from using your browser to find a helpful website and download an anti-malware solution. In this case, you may need to find an alternative method to bring removal tools onto the system in order to find and remove Troj/Inject-QL and any co-conspirators Troj/Inject-QL helped gain entry.

Security experts have noted an increased use of rootkit technology to fortify malware, in an attempt to elude detection and removal. Infectious programs are embedded in the registry so they run every time Windows is started. Infectious files are masked, assuming the legitimate file name and extension of system or .dll directory files. Persons attempting to manually remove and edit these types of files could delete the wrong ones and corrupt their hard drive. For this reason, experts suggest relying on a reputable anti-malware tool known to contain an anti-rootkit component that can find and safely remove viruses hiding out in the kernel, MBR or BIOS.

Until your computer has been cleaned of the infections brought on by Troj/Inject-QL, you should not use your Internet connection for any online purchasing or banking.

File System Details

Troj/Inject-QL may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | antivirus.exe | 22f77c113cc6d43d8c12ed3c9fb39825 | 0 |
