Latest Threats
New Trojan-Downloader: W32/Agent.IDO
Urgency: Large (Small/Medium/Large/Urgent)
Description
Inter Engineering and F-Secure warn you of a new Trojan-Downloader.
Summary
This type of Trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Additional Details
The trojan-downloader Agent.IDO drops the following files onto the system:
The svchost.exe file is detected as Trojan-Downloader:W32/Agent.IDP.
Payload
The downloading component of this trojan-downloader is actually
another malware, Agent.IDP, which is part of its payload.
Once dropped, Agent.IDP adds the following autorun key to the
Windows registry, so that it will run at each subsequent startup:
When executed, Agent.IDP attempts to connect to the following websites:
- http://univnext.cn/ld.php?v=1&rs=[...]=1&uid=1
- http://218.93.202.102/ld.php?v=1&rs=[...]=1&uid=1
- http://whv67.cn/ld.php?v=1&rs=[...]=1&uid=1
Fortunately, these websites are currently not operational.
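Even with the servers offline, an infected machine keeps requesting these URLs, so proxy logs can reveal it. The following sketch is an added example, not part of the original advisory or F-Secure's tooling: it flags requests to the three listed hosts and, as a generalization, requests with the same `/ld.php` shape on other hosts. The log layout, sample lines and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts and request shape taken from the advisory's three URLs.
ADVISORY_HOSTS = {"univnext.cn", "218.93.202.102", "whv67.cn"}
BEACON_PATH = "/ld.php"
BEACON_PARAMS = {"v", "rs", "uid"}  # the elided "[...]" portion is not matched

# Constructed proxy log lines (assumed layout: time client method url status).
SAMPLE_LOG = [
    "2024-01-01T09:00:01Z 10.0.0.21 GET http://univnext.cn/ld.php?v=1&rs=SAMPLE&uid=1 503",
    "2024-01-01T09:00:05Z 10.0.0.21 GET http://218.93.202.102/index.html 503",
    "2024-01-01T09:01:00Z 10.0.0.34 GET http://example.test/ld.php?v=1&rs=SAMPLE&uid=1 200",
    "2024-01-01T09:02:00Z 10.0.0.40 GET http://example.test/news.php?id=7 200",
    "2024-01-01T09:03:00Z 10.0.0.40 GET http://WHV67.CN./ld.php?v=1&rs=SAMPLE&uid=1 503",
    "garbage",
]

def classify_url(url):
    """Return (verdict, host); verdict is None when the URL matches nothing."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL in the log
        return None, ""
    params = set(parse_qs(parts.query, keep_blank_values=True))
    host_hit = host in ADVISORY_HOSTS
    shape_hit = parts.path.lower() == BEACON_PATH and BEACON_PARAMS <= params
    if host_hit and shape_hit:
        return "host+pattern", host
    if host_hit:
        return "host-only", host
    if shape_hit:
        return "pattern-only", host  # same request shape, host not in advisory
    return None, host

def find_beacons(log_lines):
    """Return (time, client, verdict, host) for each suspicious request."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # truncated or non-request line
        verdict, host = classify_url(fields[3])
        if verdict:
            hits.append((fields[0], fields[1], verdict, host))
    return hits

def clients_to_triage(hits):
    """Clients that contacted an advisory host, for priority investigation."""
    return sorted({c for _, c, v, _ in hits if v != "pattern-only"})
```

A `pattern-only` hit is a lower-confidence lead, since `ld.php` with these parameter names is not unique to this malware.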
Suggested solutions
You can rely on any F-Secure product that handles malware treatment.
For more technical information, contact the Support Department by e-mail at Support@inter.gr or by phone at +30.2410.670030.
To contact us:
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: info@inter-datasecurity.com
www.inter-datasecurity.com