Trend Micro Identifies New Malware Named "TROJ_ARTIEF.RTN"
Trend Micro has detected samples with the file name "PROPOSED CHRISTMAS PARTY 2012.doc", which is the malware called "TROJ_ARTIEF.RTN". When executed, this malware drops a file, "temp.doc", that acts as a decoy to lead recipients to think that this is a legitimate document - a supposed invitation to a certain government office's upcoming Christmas party.
The malware then takes control of the system, allowing cybercriminals to obtain information to carry out targeted attacks. Some examples of commands that compromise security include:
- Get Network information
- Get Username/Computername
- Get OS Information
- Get running process
- Get Installed Applications
- Perform Shell Command
Additionally, the trojan is able to check which web browser is being used and to create a hidden process into which it injects its malicious code. Because emails are often used by cybercriminals executing APTs (Advanced Persistent Threats) and targeted attacks, Trend Micro speculates that this attack uses email messages as a delivery mechanism to penetrate the network of the targeted entity.
Trend Micro will continue to monitor and report threats should there be any developments.
Source: Trend Micro