FireEye Discovers New Trojan ‘MyAgent’

Investigators from FireEye the security company just recently discovered a malware item they have dubbed Trojan.MyAgent whose activities they've been watching since sometime. From their analysis the researchers perceived that the Trojan chiefly attacks organizations related to chemicals, defense, aerospace and technology.

They (FireEye's researchers) noticed that the malware disseminates through file attachments to e-mails. Thus, once they found that the MyAgent was sent via an executable archive that unleashed one Portable Document File (PDF) bearing the title "Health Insurance and Welfare Policy."

Apart from this PDF document, the Trojan also dropped an .exe file named ABODE32.exe onto the temporary directory of the infected computer's OS (operating system).

A noticeable aspect about this second executable file is that it gains admission into Windows Protected Storage that stores certain passwords such as those meant for Outlook, Internet Explorer or other software, observes FireEye.

Moreover, as soon as MyAgent contaminates its host computer, an interaction is established between itself and its remote C&C (command-and-control) system, the 'Uniform Resource Identifier' (URI), and the code pertaining to user agent, all of which remain integrated to the MyAgent binary. Moreover, according to FireEye, Trojan.MyAgent installs various Dynamic Link Library (DLL) files for interacting with the central C&C server. And although the detection rate of MyAgent is pretty high, FireEye regards the malware as greatly sophisticated due to its vibrantly changing transitional phases while installing its real payload.

There is also JavaScript that MyAgent uses for determining Adobe Reader's version presently active on the infected PC following which it exploits known security flaws within the application so as to launch attacks.

Also according to FireEye, up to date antivirus software can detect nearly all the payloads via putting the binaries to test with VirusTotal.

Now, with the discovery of MyAgent, Symantec another security company is advising channel associates working for industries related to chemical, aerospace, technology and defense for making sure their client AV solutions stays updated. Furthermore, they require telling clients for eschewing compressed PDF archives bearing the title "Health Insurance and Welfare Policy" while remaining vigilant regarding any suspicious looking DLL, the company adds.

Related article: Free Web Host Services: spammer’s bull’s eye

» SPAMfighter News - 8/25/2012