Upatre

Posted: October 8, 2013

Upatre is a Trojan downloader that installs other threats without showing any symptoms that would let the victim know an attack has occurred. Programs installed by Upatre have been known to include high-level PC threats such as variants of Trojan Zeus (a prominent and sophisticated banking Trojan). Because of its small size, simplicity and lack of symptoms, Upatre is easy to overlook, and protecting your computer from Upatre's known infection vectors, which primarily consist of spam e-mail, is important for the security of both your PC and your bank account. Upatre infections are always intended to be accompanied by other PC threats that shouldn't be underestimated – and prolonged anti-malware analysis by appropriate security software is the best way to remove Upatre and its payloads once their presence is suspected.

The Pattering of Little Trojan Feet from E-mail Messages to Your Hard Drive

Upatre is a small but effective Trojan downloader that was recently examined by researchers at Dell SecureWorks, who elaborated on its part in the overall Zeus campaign for the benefit of any future would-be victims. Zeus, as regular readers will be well aware, is a particularly famous and well-financed banking Trojan that has seen numerous revisions and updates over time, albeit always with the intent of stealing financial and personal information to improve the bottom lines of criminals. Upatre has turned out to be one of the newest distributors of Zeus as of this year, but also includes downloading functions that could install other kinds of threats indiscriminately.

Upatre itself is distributed by yet another Trojan, Cutwail, which uses its botnet for activities that now include sending spam e-mails with Upatre as an attachment. The spam e-mail messages are disguised to resemble government missives or messages from a major banking institution, encouraging victims to open a file attachment that installs Upatre (through a multiple-step procedure that involves self-deleting files to cover the attack's tracks). Upatre then installs Zeus, and any other payloads, as instructed.

Catching a Digital Thief in the Act

Upatre uses a single function for its entire file-downloading act, making Upatre an exceptionally streamlined example of a Trojan downloader. This allows Upatre to have a very small file size which, in combination with its secretive installation method and its nonexistent symptoms, makes it difficult for anyone to detect Upatre. Upatre also adds an extra level of protection for its communications by using SSL encryption to confuse security programs that may be monitoring it. However, adequately competent and updated anti-malware products shouldn't be fooled by this basic defense – although malware experts consider it a worrying general trend when even the 'stepping stone' Trojans of a multiple-Trojan attack are enjoying non-negligible defensive features.

Of course, removing Upatre or Zeus with anti-malware software will not be necessary at all, as long as you take all appropriate precautions to browse the Web safely. As one of the major infection vectors for high-level PC threats, file attachments sent through e-mail should always be regarded with suspicion, and SpywareRemove.com malware experts suggest deleting them on sight. Legitimate government agencies and banking companies will never ask you to open unusual file attachments – and the risk of Upatre and similar kinds of threats is the exact reason for that policy.