
BKDR_POISON.DOC

Posted: April 27, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 368
First Seen: April 27, 2012
Last Seen: July 1, 2023
OS(es) Affected: Windows

BKDR_POISON.DOC is a backdoor Trojan that's installed by TROJ_ARTIEF.DOC, an e-mail-distributed .rtf file; SpywareRemove.com malware analysts note that this attack method is very similar to the strategies also employed by TROJ_MDROP.GDL, Backdoor.Meciv and TROJ_ARTIEF.ZIGS. Although spam messages that carry TROJ_ARTIEF.DOC can be recognized by their pretense of carrying news related to the failed North Korean rocket launch, BKDR_POISON.DOC itself doesn't show obvious symptoms of its attacks. Despite its low-key nature, BKDR_POISON.DOC is capable of extremely serious security and privacy-violating attacks, including keylogging, enabling criminals to control your PC, capturing screenshots and examining files for personal information. The SpywareRemove.com malware research team encourages you both to identify BKDR_POISON.DOC's infection vectors so that you can avoid them and to delete BKDR_POISON.DOC with qualified anti-malware software as soon as you suspect that your PC may have a BKDR_POISON.DOC infection.

BKDR_POISON.DOC – as Venomous a Program as You Could Hope to Find from a Fake News Source

Because BKDR_POISON.DOC, like most backdoor Trojans, is incapable of distributing itself directly, BKDR_POISON.DOC is installed by a second Trojan, TROJ_ARTIEF.DOC, which is sent out in e-mail spam under the name 'North Korea satellite launch eclipses that of Iran.doc.' However, instead of offering exclusive news on North Korea's rocket launch flop, TROJ_ARTIEF.DOC installs BKDR_POISON.DOC – although SpywareRemove.com malware researchers note that many similar Trojans do open a basic text document to serve as a distraction while making such attacks. BKDR_POISON.DOC is a multipurpose backdoor Trojan with a hefty set of spyware-related features, including such high-priority attacks as:

  • Keylogging (recording keyboard-based input).
  • Recording webcam data.
  • Capturing screenshot images of your monitor display.
  • Updating itself for new behavior and potentially new attacks.
  • Taking over management of the Windows Registry, services, programs, memory processes and other aspects of your PC.
  • Transferring information to a remote server or taking commands from said server to enable other attacks.

The Antidote to BKDR_POISON.DOC's Faux News

Given that BKDR_POISON.DOC can be used not only to control your PC, but also to steal information that allows for account hijacks, bank account break-ins and other high-priority attacks, SpywareRemove.com malware analysts find it difficult to overstate the necessity of removing BKDR_POISON.DOC as quickly as you possibly can. However, other than opening TCP port 443 if necessary, BKDR_POISON.DOC doesn't have obvious symptoms and should be detected and, ideally, removed by a suitable anti-malware program.

SpywareRemove.com malware analysts also note that since BKDR_POISON.DOC is installed by exploiting certain Microsoft Office vulnerabilities, keeping that software updated, or even uninstalling it, can help to prevent TROJ_ARTIEF.DOC from ever installing BKDR_POISON.DOC in the first place. However, in most cases it's more practical merely to avoid suspicious e-mail file attachments, especially those that claim to be offering news about North Korea's recent rocket-launching failure.
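
For mail administrators, the mismatch described above (an .rtf file sent under a '.doc' name) can be checked at the gateway. The following is an added example, not code from SpywareRemove.com or any vendor: the function names and the sample message are constructed, and it assumes a genuine legacy .doc begins with the OLE2 compound-file signature. Word also opens benign RTF files named .doc, so a hit is a triage signal rather than a verdict.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc container


def sniff(data):
    """Classify a payload by its leading bytes, ignoring the file name."""
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:8]  # skip BOM / leading whitespace
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    return "unknown"


def flag_attachments(raw):
    """Return (filename, detected_type) for each .doc attachment that is not OLE2."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(".doc"):
            continue
        payload = part.get_payload(decode=True) or b""
        kind = sniff(payload)
        if kind != "ole2":
            findings.append((name, kind))
    return findings


def build_sample():
    """Constructed test message: one RTF posing as .doc, one real OLE2 header."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"{\\rtf1\\ansi constructed harmless text}",
                       maintype="application", subtype="msword",
                       filename="North Korea satellite launch eclipses that of Iran.doc")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 32,
                       maintype="application", subtype="msword",
                       filename="minutes.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, kind in flag_attachments(build_sample()):
        print(f"review: {name!r} has .doc extension but {kind} content")
```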
