
TROJ_ARTIEF.DOC

Posted: April 27, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 84
First Seen: April 27, 2012
OS(es) Affected: Windows

TROJ_ARTIEF.DOC is a malicious .rtf file that's distributed by spam e-mail messages under the pretense of offering news about North Korea's recent (and, for better or worse, botched) rocket launch. By exploiting .rtf-specific vulnerabilities, TROJ_ARTIEF.DOC installs its payload, the backdoor Trojan BKDR_POISON.DOC. Backdoor Trojans of any sort, including those that are installed by TROJ_ARTIEF.DOC, should always be considered serious security threats to your PC as they allow criminals to exert control over your computer via a remote Command & Control server. Although TROJ_ARTIEF.DOC's payload may be used for a range of different attacks, SpywareRemove.com malware analysts consider BKDR_POISON.DOC's keylogging attacks to be its most noteworthy characteristic, since keylogging can be used to steal passwords and other forms of sensitive information with minimal symptoms of the theft occurring. If you're in the habit of opening unusual e-mail file attachments that resemble TROJ_ARTIEF.DOC according to the above description, you may want to consider scanning your PC in case TROJ_ARTIEF.DOC has abused your trust to install a spy onto your hard drive.

TROJ_ARTIEF.DOC – Another Reason Why You Shouldn't Trust Obvious File Types from Non-Obvious Sources

Similar to TROJ_MDROP.GDL, TROJ_ARTIEF.ZIGS or Trojan dropper variants of Backdoor.Meciv, TROJ_ARTIEF.DOC is named to appear as a Word document, but its .doc extension doesn't match its true file type, which is .rtf. While .rtf files are, under normal circumstances, harmless text files, TROJ_ARTIEF.DOC abuses the format by exploiting a Microsoft Office vulnerability that SpywareRemove.com malware researchers identify as CVE-2010-3333, which allows TROJ_ARTIEF.DOC to execute arbitrary and malicious code after you launch its file. The following programs are vulnerable to TROJ_ARTIEF.DOC's attack, especially if they have not been updated to close such security weaknesses:

  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2004 (for Mac operating systems only)
  • Microsoft Office 2007 Service Pack 2
  • Microsoft Office 2008 (for Mac operating systems only)
  • Microsoft Office 2010
  • Microsoft Office 2011 (for Mac operating systems only)
  • Microsoft Office XP Service Pack 3
  • Open XML File Format Converter (for Mac operating systems only)

If TROJ_ARTIEF.DOC is opened and is able to take advantage of the CVE-2010-3333 vulnerability, the backdoor Trojan BKDR_POISON.DOC will be installed onto your PC. BKDR_POISON.DOC, in addition to allowing criminals to control your PC like any backdoor Trojan would, has also been noted to contain spyware-esque capabilities, which SpywareRemove.com malware researchers specifically note to extend to attacks such as keylogging, capturing screenshots and even recording webcam data.

Hoarding Your Info Away from TROJ_ARTIEF.DOC's Eager Eyes

Because TROJ_ARTIEF.DOC propagates via e-mail messages under misleading names like 'North Korea satellite launch eclipses that of Iran.doc,' SpywareRemove.com malware analysts emphasize the necessity of avoiding suspicious file attachments from mass-mailed e-mail messages as a top way to protect your PC from TROJ_ARTIEF.DOC. However, if you have opened such a file, you should be aware that backdoor Trojans like BKDR_POISON.DOC rarely show visible symptoms and are most easily detected by anti-malware programs that are designed for the purpose.

Keeping vulnerable software (as noted earlier in this article) updated can also reduce potential vulnerabilities that TROJ_ARTIEF.DOC could exploit, and SpywareRemove.com malware researchers always recommend that you keep any applications on your PC as updated as possible for this reason. Ignoring these security issues and allowing TROJ_ARTIEF.DOC to take advantage of your PC can result in theft of account passwords and related information, which may then lead to bank account-related attacks and other security issues that can extend well past the confines of your computer.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: Chin.doc
Size: 164.86 KB (164865 bytes)
MD5: 2a005bd66fb1e90269b2c0c8ef78ae6d
Detection count: 58
Mime Type: unknown/doc
Group: Malware file
Last Updated: May 3, 2012
File name: %User Temp%\kser.exe - detected as BKDR_POISON.DOC
Mime Type: unknown/DOC
Group: Malware file
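
The mismatch between a .doc name and .rtf content described above can be checked before an attachment is opened. The Python sketch below is an added example, not SpywareRemove.com's code: it compares each file's extension with its leading bytes and checks the MD5 listed above for Chin.doc. The sample file names and contents are constructed, and the four-byte RTF prefix is a deliberately lenient choice made here.

```python
import hashlib
import tempfile
from pathlib import Path

# MD5 of Chin.doc as listed in the file details on this page.
KNOWN_MD5 = {"2a005bd66fb1e90269b2c0c8ef78ae6d"}

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc container
RTF_MAGIC = b"{\\rt"        # lenient prefix of "{\rtf" (assumption: catch truncated headers too)
ZIP_MAGIC = b"PK\x03\x04"   # .docx (OOXML) is a ZIP archive

# Container each extension is expected to hold.
EXPECTED = {".doc": "ole2", ".docx": "zip", ".rtf": "rtf"}

def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"

def triage(path: Path) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    data = path.read_bytes()
    findings = []
    actual = sniff(data[:8])
    expected = EXPECTED.get(path.suffix.lower())
    if expected and actual != expected:
        findings.append(f"extension {path.suffix} but content is {actual}")
    if hashlib.md5(data).hexdigest() in KNOWN_MD5:
        findings.append("MD5 matches Chin.doc from this page")
    return findings

def demo() -> dict[str, list[str]]:
    # Constructed, benign sample attachments (not real malware).
    samples = {
        "report.doc": OLE2_MAGIC + b"\x00" * 64,
        "North Korea news.doc": b"{\\rtf1\\ansi constructed benign text}",
        "notes.rtf": b"{\\rtf1\\ansi hello}",
    }
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for name, body in samples.items():
            p = Path(tmp) / name
            p.write_bytes(body)
            results[name] = triage(p)
        return results

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or "ok")
```

A mismatch alone is a reason to scan the file more closely rather than a verdict, since benign RTF files are sometimes saved with a .doc name.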