Crisis
Posted: August 22, 2012
Threat Metric
The fields listed on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 28 |
| First Seen: | August 22, 2012 |
| OS(es) Affected: | Windows |
Crisis is a rootkit that is also known as Morcut and includes broadly-applicable spyware functions – such as keylogging – along with an impressively-varied set of installation tactics. Unlike most rootkits, Crisis is fully functional for both Windows and Mac OS X environments, besides including installation routines for virtual machines and Windows-based mobile platforms. All variants of Crisis should be considered dangerous and highly-invasive to your PC's privacy, since Crisis can install other PC threats, transfer confidential information to remote attackers or disable important security features. Many PC security companies have developed adequate definitions for Crisis as of the time of this writing and Crisis should be removable by updated anti-malware products, although SpywareRemove.com malware researchers prefer that you avoid falling for Crisis's installation scam (a fake Adobe update) in the first place.
Crisis: A Danger for Most OSes and Quite a Few of the Programs That Reside Within Them
Crisis's sordid story begins with a malicious JavaScript applet that pretends to be an update for Adobe software. PC users who trust this applet enough to install its proffered software will have their operating system detected, after which a suitable variant of Crisis is dropped on the PC. Along with the cross-brand compatibility that launched Crisis into minor infamy, Crisis also includes infection methods for virtual machines – a notable achievement, since most PC threats will disable themselves in VM environments to avoid analysis from PC security companies.
After its installation, Crisis opens a backdoor to contact a C&C server. This allows criminals to exercise control over your PC and should be considered a high-level breach of your privacy and security. SpywareRemove.com malware analysts have also noted other attacks by Crisis that can be used to steal sensitive information or further contaminate the infected computer, such as:
- Monitoring text, voice and video communications from instant messaging programs like Skype and MSN Messenger.
- Recording keyboard input and even mouse coordinates.
- Taking screenshots.
- Monitoring your webcam and microphone.
- Tracking which websites are visited according to their web addresses.
- Spying on address book entries.
How to Bring an End to This Crisis
Crisis uses rootkit techniques to conceal itself and accomplish many of its attacks, and SpywareRemove.com malware researchers recommend that you use suitably-advanced anti-malware applications to detect and delete Crisis without further problems. Crisis is unlikely to display memory processes or files of its own while it is active, but should be assumed to be running by default unless exceptional measures are taken to disable it. Booting your PC from a clean USB drive, if possible, is recommended.
However, care should be taken when introducing removable devices to a Crisis-infected PC. SpywareRemove.com malware experts have also noted that Crisis includes limited functions to copy itself to removable drives and automatically infect other computers that are exposed to these devices. You should avoid sharing USB drives and other such devices between a Crisis-infected computer and an uninfected system unless you've used anti-malware software to verify that the device is clean.