
FireEye Discovers New Trojan ‘MyAgent’

Investigators from the security company FireEye recently discovered a piece of malware they have dubbed Trojan.MyAgent, whose activities they have been watching for some time. From their analysis, the researchers found that the Trojan chiefly attacks organizations related to chemicals, defense, aerospace and technology.

FireEye's researchers noticed that the malware spreads through file attachments to e-mails. In one case, they found that MyAgent was sent via an executable archive that unleashed a Portable Document Format (PDF) file bearing the title "Health Insurance and Welfare Policy."

Apart from this PDF document, the Trojan also dropped an .exe file named ABODE32.exe into the temporary directory of the infected computer's operating system (OS).

A notable aspect of this second executable file is that it accesses Windows Protected Storage, which stores certain passwords such as those for Outlook, Internet Explorer or other software, FireEye observes.

Moreover, as soon as MyAgent infects its host computer, it establishes communication with its remote command-and-control (C&C) system. The C&C system, the Uniform Resource Identifier (URI) and the user-agent string are all embedded in the MyAgent binary. According to FireEye, Trojan.MyAgent also installs various Dynamic Link Library (DLL) files for interacting with the central C&C server. And although the detection rate of MyAgent is pretty high, FireEye regards the malware as highly sophisticated because of its dynamically changing intermediate stages while installing its real payload.

MyAgent also uses JavaScript to determine which version of Adobe Reader is currently active on the infected PC, after which it exploits known security flaws in the application to launch attacks.

Also according to FireEye, up-to-date antivirus software can detect nearly all the payloads, as found by testing the binaries with VirusTotal.

Now, with the discovery of MyAgent, Symantec, another security company, is advising channel associates working for industries related to chemicals, aerospace, technology and defense to make sure their clients' AV solutions stay updated. Furthermore, they should tell clients to avoid compressed PDF archives bearing the title "Health Insurance and Welfare Policy" while remaining vigilant for any suspicious-looking DLL, the company adds.


» SPAMfighter News - 25-08-2012
