Win32/Tifau

By SpideyMan in Worms

Threat Scorecard

Ranking: 16,366
Threat Level: 20 % (Normal)
Infected Computers: 314
First Seen: January 27, 2012
Last Seen: June 27, 2023
OS(es) Affected: Windows

Win32/Tifau is a worm that searches for all drives on the infected computer system and then copies itself to their root folders. This allows Win32/Tifau to spread from one computer to another by copying itself to removable drives, such as USB memory sticks or SD cards. Once installed on the victim's computer, Win32/Tifau creates a backdoor which allows a criminal to access the victim's computer from a remote location. Because of this ability to create a backdoor, Win32/Tifau is usually the first step in a dangerous malware attack, leaving an open backdoor through which a criminal can then install other malware that can be used to control the computer remotely. Win32/Tifau itself can receive instructions and updates from a remote location, as well as relay information to the criminals by uploading it to a remote server. If you suspect that Win32/Tifau has infected your computer system, ESG security researchers strongly recommend the use of a strong anti-malware application to safeguard your computer system.

How Win32/Tifau Attacks Your Computer System

Win32/Tifau drops various executable files into the system folder, as well as an autorun file which allows Win32/Tifau to start up automatically as soon as the contaminated drive is attached to a computer system. Win32/Tifau also makes various registry entries that allow it to start up automatically when the victim launches Microsoft Windows. There are several versions of Win32/Tifau, each identified with a letter added to the worm's name (for example, Win32/Tifau.A or Win32/Tifau.B). The names of the dropped files vary from one version of Win32/Tifau to another. Win32/Tifau also adds an exception to the Windows Firewall, which allows Win32/Tifau to send data to and receive data from a remote server. Once installed, Win32/Tifau will make copies of itself and add them to the root folders of all drives detected on the infected computer system, as well as create an autorun.inf file which allows Win32/Tifau to start up automatically. Win32/Tifau can receive data over the Internet, using the HTTP protocol to send and receive data from four different URLs. Win32/Tifau also has rudimentary self-defense mechanisms that allow it to terminate the processes associated with common anti-malware and anti-virus scanners. The backdoor that the Win32/Tifau worm creates will often be used to install a dangerous rootkit on the victim's computer system, which can then entirely disable any security software that is installed.
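To check for the autorun.inf behavior described above, the following added example (not code from ESG or from the worm itself) looks in each drive root for autorun.inf and lists the directives that would launch a program. The function names and the sample file content are constructed for illustration, and the file is assumed to be plain ASCII/UTF-8 text.

```python
import os
import re
import string

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if LAUNCH_KEY.match(key) and value:
                hits.append((key.lower(), value))
    return hits

def scan_roots(roots):
    """Map each autorun.inf found in the given drive roots to its launch directives."""
    findings = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        try:
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                hits = parse_autorun(fh.read())
        except OSError:
            continue  # no autorun.inf here, or the drive is not readable
        if hits:
            findings[path] = hits
    return findings

# Constructed sample content, not taken from a real Win32/Tifau specimen.
SAMPLE = "[AutoRun]\nopen = sample.exe\nshell\\open\\command=sample.exe /x\nicon=shell32.dll,4\n"

if __name__ == "__main__":
    # Enumerate the drive letters present on this Windows host.
    roots = [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]
    for path, hits in scan_roots(roots).items():
        for key, command in hits:
            print(f"{path}: {key} -> {command}")
```

An autorun.inf that carries only icon or label entries produces no finding; any file named by a reported directive is what should be handed to the anti-malware scanner.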

File System Details

Win32/Tifau may create the following file(s):
# File Name Detections
1. autorun.inf

URLs

Win32/Tifau may call the following URLs:

ultimate-detection.com
