TROJ_ARTIEF.ZIGS

TROJ_ARTIEF.ZIGS is a Trojan dropper that installs a backdoor Trojan onto your PC, and, thusly presents a severe security threat to any computer. Since TROJ_ARTIEF.ZIGS is distributed as a fake Word Document attachment for spam e-mail messages that pretend to be advisories about London Olympics ticket hoaxes, SpywareRemove.com malware researchers recommend that you be careful to avoid downloading or opening suspicious file attachments that resemble the above description. Other than installing a second Trojan onto your computer, TROJ_ARTIEF.ZIGS hasn't been noted to engage in other attacks, but the Microsoft Office exploit that TROJ_ARTIEF.ZIGS uses to accomplish this can be reconfigured to install other types PC threats, which is why a full system scan is recommended after any possible TROJ_ARTIEF.ZIGS attack. Keeping your relevant software updated is also noted as a helpful means of enhancing your security from TROJ_ARTIEF.ZIGS, which can't deliver its payload without this exploit.

How's TROJ_ARTIEF.ZIGS Criminal Distributors Cover Up the Real Attack with Warnings of a Fake One

TROJ_ARTIEF.ZIGS is propagated by e-mail spam messages that purport to be warnings about ticket hoaxes for the upcoming London Olympics. Enclosed in this spam is a fake .doc file (for an example of one of TROJ_ARTIEF.ZIGS 's possible file names: 'Waring-Tickets for London 2012.doc') that actually is TROJ_ARTIEF.ZIGS in a hidden .rtf format, which allows TROJ_ARTIEF.ZIGS to use the Microsoft Word exploit 'CVE-2010-3333' to attack your PC. This exploit is rated as critical due to its ability to allow hostile software to be installed, which SpywareRemove.com malware analysts have found TROJ_ARTIEF.ZIGS to use to install BKDR_CYSXL.A, a backdoor Trojan.

After BKDR_CYSXL.A has been installed by TROJ_ARTIEF.ZIGS, your computer may reboot, but other symptoms of attacks by BKDR_CYSXL.A haven't been noted. BKDR_CYSXL.A injects its code into svchost.exe (a normal Windows file) to avoid detection and is capable of a wide range of security-threatening attacks that allow criminals to control your PC from a remote Command & Control server. Examples of attacks by BKDR_CYSXL.A that SpywareRemove.com malware analysts have rated as particularly dangerous include forcing your PC into a system freeze, forcing your PC to reboot, creating files, deleting files and contacting a remote server to send or receive data.

Keeping TROJ_ARTIEF.ZIGS from Dancing Its Two-Step Attack on Your Computer's Hard Drive

As TROJ_ARTIEF.ZIGS's sole method of distribution at this point is via its fake hoax alerts about Olympics tickets scams, SpywareRemove.com malware research team is pleased to note that the strongest and easiest way to protect your PC from TROJ_ARTIEF.ZIGS is merely to delete TROJ_ARTIEF.ZIGS's e-mail spam. Anti-malware products that have updated databases should also be able to detect TROJ_ARTIEF.ZIGS and delete TROJ_ARTIEF.ZIGS before attacks can be launched against your computer. A last preventative measure is to update all Microsoft Office software on your computer, which can reduce the presence of exploits like 'CVE-2010-3333' that TROJ_ARTIEF.ZIGS could take advantage of during its attacks.

If you suspect that TROJ_ARTIEF.ZIGS has installed BKDR_CYSXL.A onto your PC, you should avoid any attempt to detect either of these PC threats by yourself, particularly since the latter is noted for its code-injection attacks (which are typical of relatively advanced backdoor Trojans). Until TROJ_ARTIEF.ZIGS and all of its related PC threats are deleted by appropriate anti-malware products, you should consider your computer open to attack by criminals. Likely attacks that SpywareRemove.com malware researchers have discovered in association with backdoor Trojans include theft of personal information, the installation of other PC threats, browser redirects and loss of control over security software and settings.

Technical Details