KOVTER Trojan and Trend Micro Security Protection

Trend Micro is closely monitoring the latest Trojan outbreak that has affected several organizations around the world, being commonly referred to as KOVTER.

We assure you that the latest version of Trend Micro Security provides effective protection against KOVTER.

Summary

Kovter is a Trojan that can be downloaded by other malware/grayware/spyware from remote sites. It connects to certain websites to send and receive information. It deletes the initially executed copy of itself.

File Type: EXE

Memory Resident: Yes

Payload: Connects to URLs/IPs

How KOVTER infects your computer

• Kovter arrives as Adobe Flash Advertising attack.
• Latest Kovter variants are arrived as an attachment from spam mails. Macro based malspam.

Solution

Make sure you are using the latest version of Trend Micro Security. You can check here if you already have the latest version or follow instructions here to upgrade Trend Micro Security to the latest version.

Release Summary

TMTD Pattern: 168100

OPR Pattern Date: July 20, 2017

Additional Pattern Release for Kovter detection

TMTD Pattern: 168300

OPR Pattern Date: July 27, 2017

Additional Assistance

Trend Micro highly recommends that vendor critical patches should be applied as soon as possible upon release. Customers and partners who have questions are encouraged to contact Trend Micro Technical Support for assistance.

See also

• https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/lnk_kovter.sm
• http://www.trendmicro.fi/vinfo/fi/threat-encyclopedia/malware/troj_kovter.yadp