
TROJ_STARTPA.AET

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 7
First Seen: November 28, 2012
Last Seen: February 21, 2022
OS(es) Affected: Windows

The Troj_STARTPA.AET Trojan is associated with a social engineering scam that convinces unsuspecting computer users to download fake updates for their Web browsers. Troj_STARTPA.AET is spread by malicious scripts that prompt computer users to download Web browser updates, typically through a pop-up advertisement. The scam combines social engineering with scareware tactics and, in some cases, browser hijackers. Hundreds of computers around the world have been exposed to the Troj_STARTPA.AET scam. All software updates should be downloaded directly from the software manufacturer's official website and never from third-party sources such as pop-up messages or third-party websites asking you to update your Web browser.

Troj_STARTPA.AET Attack Mixes Several Types of Known Online Scams

The main reason the Troj_STARTPA.AET scam has caught the attention of ESG security researchers is that it mixes several kinds of scams in order to attack computer users with greater accuracy. In many cases, Troj_STARTPA.AET will use a browser hijacker to change the victim's homepage to a website claiming that the victim's browser needs to be updated. Fake updates are also a typical part of many scareware scams, which rely on convincing computer users to download fake, expensive updates for their rogue security software. The Troj_STARTPA.AET infection would not be possible without its social engineering strategy, which relies on tricking computer users into thinking that their Web browser is out of date.

The website to which computer users are directed contains a script that determines the victim's Web browser and then offers the victim an update for that browser. The page is typically designed to use logos and messages identifying it as an affiliate of Mozilla Firefox or other popular Web browsers. Once installed, Troj_STARTPA.AET changes the victim's homepage to a similar website, which allows criminals to install additional malware on the victim's computer. The main danger of the Troj_STARTPA.AET scam is that these fraudulent websites are designed to look very convincing. They are realistic enough to trick even more experienced computer users into thinking that they are dealing with an actual browser update website rather than with a known online scam. Mobile browser users are not safe from this scam either, since these malicious websites can also cause fraudulent SMS charges.

File System Details

TROJ_STARTPA.AET may create the following file(s):
1. %User Temp%\suicide.exe
2. %User Profile%\Application Data\Mozilla\Firefox\Profiles\{RANDOM CHARACTERS}.default\searchplugins\EcoStartPage.xml
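A triage check for the two files listed above, added here as an example and not taken from the original page or from any vendor tool. The function names, the constructed sample tree and the use of Firefox's `browser.startup.homepage` preference to report the current homepage are assumptions of this example.

```python
import os
import re
import tempfile
from pathlib import Path

# File names from the "File System Details" list on this page.
DROPPED_EXE = "suicide.exe"
SEARCH_PLUGIN = "EcoStartPage.xml"
# Firefox keeps the homepage in prefs.js under this preference name.
HOMEPAGE_PREF = re.compile(r'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"\);')

def scan(temp_dir, profiles_dir):
    """Return (kind, detail) findings for the two listed artifacts."""
    findings = []
    exe = Path(temp_dir) / DROPPED_EXE
    if exe.is_file():
        findings.append(("dropped_file", str(exe)))
    # Profile folders are named {RANDOM CHARACTERS}.default
    root = Path(profiles_dir)
    for profile in (sorted(root.glob("*.default")) if root.is_dir() else []):
        plugin = profile / "searchplugins" / SEARCH_PLUGIN
        if not plugin.is_file():
            continue
        findings.append(("search_plugin", str(plugin)))
        # The homepage is reported for review only; the page lists no URL to match.
        prefs = profile / "prefs.js"
        if prefs.is_file():
            match = HOMEPAGE_PREF.search(prefs.read_text(encoding="utf-8", errors="replace"))
            if match:
                findings.append(("homepage", match.group(1)))
    return findings

def build_sample(root):
    """Constructed test tree: one affected profile and one clean profile."""
    temp, profiles = Path(root) / "Temp", Path(root) / "Profiles"
    bad, clean = profiles / "a1b2c3d4.default", profiles / "e5f6g7h8.default"
    (bad / "searchplugins").mkdir(parents=True)
    (clean / "searchplugins").mkdir(parents=True)
    temp.mkdir()
    (temp / DROPPED_EXE).write_bytes(b"constructed placeholder")
    (bad / "searchplugins" / SEARCH_PLUGIN).write_text("<constructed/>")
    (bad / "prefs.js").write_text('user_pref("browser.startup.homepage", "http://homepage.example/");\n')
    (clean / "prefs.js").write_text('user_pref("browser.startup.homepage", "about:home");\n')
    return temp, profiles

if __name__ == "__main__":
    # %APPDATA% is "%User Profile%\Application Data" on older Windows versions.
    appdata = Path(os.environ.get("APPDATA", str(Path.home())))
    temp = os.environ.get("TEMP", tempfile.gettempdir())
    for kind, detail in scan(temp, appdata / "Mozilla" / "Firefox" / "Profiles"):
        print(f"{kind}: {detail}")
```

A match on file name alone is a lead for further inspection, not a confirmed detection, since the page gives no hashes for either file.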
