Trend Micro is closely monitoring the latest Trojan outbreak, commonly referred to as KOVTER, which has affected several organizations around the world.
Summary
Kovter is a Trojan that can be downloaded by other malware/grayware/spyware from remote sites. It connects to certain websites to send and receive information. It deletes the initially executed copy of itself.
File Type: EXE
Memory Resident: Yes
Payload: Connects to URLs/IPs
Here's how KOVTER commonly infects your computer:
- Kovter arrives as an Adobe Flash advertising attack.
- The latest Kovter variants arrive as an attachment in spam emails (macro-based malspam).
Solution
As of July 20, 2017, the resolution for this issue is available from Trend Micro's ActiveUpdate server. Trend Micro Security 2017 customers will receive the fix on the next scheduled update, or can manually download it by clicking > About the Software on the main console.
Release Summary:
TMTD Pattern: 168100
OPR Pattern Date: July 20, 2017
Additional pattern released for detection of Kovter:
TMTD Pattern: 168300
OPR Pattern Date: July 27, 2017
If your Trend Micro Security program still continuously detects KOVTER after performing a program update, contact our Technical Support for help.