Troj/Tepfer-Q

By JubileeX in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 13
First Seen: April 18, 2013
Last Seen: April 14, 2022
OS(es) Affected: Windows

As usually happens with breaking news stories, criminals quickly pounced on the popularity of the Boston Marathon bombing news story to spread malware. The incident has produced malicious spam email messages, with subject lines related in some way to the bombing, that supposedly contain links to videos of the terrorist attack in Boston. It appears that all of these spam email messages are based in Latvia and Ukraine, Eastern European countries that have been linked to spammers and computer scams before. Clicking on the embedded links in these messages leads computer users to a website where an exploit kit is used to install Troj/Tepfer-Q on the victim's computer. Troj/Tepfer-Q is a dangerous password-stealing Trojan that may be used to obtain access to the victim's online accounts, banking information and private data.

When the victim clicks on the embedded link in the spam email message, the link directs the victim to a website designed to look like a legitimate YouTube video. However, while the video is running in the background, the RedKit Exploit Kit is actually installing Troj/Tepfer-Q on the victim's computer. If the victim's computer contains vulnerabilities that this exploit pack can take advantage of, Troj/Tepfer-Q's executable file is run on the victim's computer, installing its malicious files and making dangerous changes to the infected computer's registry. Successful installation of Troj/Tepfer-Q allows criminals to gain remote access to the infected computer. Troj/Tepfer-Q can steal online passwords and private data directly from the data stored in the victim's web browser. The stolen data is then transmitted to an outside server, where it is used to carry out various scams and crimes, such as identity theft or money laundering.

This is not the first time malware authors have distributed Trojans like Troj/Tepfer-Q by taking advantage of popular news stories. Only a month prior to the Boston Marathon bombing, similar scams took advantage of the trending news relating to the election of the new pope. These kinds of scams prey on inexperienced computer users who do not understand that unsolicited email messages are not a trustworthy source for news and are usually used to send out malware like Troj/Tepfer-Q.

File System Details

Troj/Tepfer-Q may create the following file(s):
# File Name Detections
1. [System]\drivers\npf.sys
2. [System]\Packet.dll
3. [System]\wpcap.dll
