TSPY_AGENT.YZR
Overview



Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: High

Information exposure: High

 

Description:

To get a one-glance comprehensive view of the behavior of this spyware, refer to the Behavior Diagram shown below.

[Figure: TSPY_AGENT.YZR Behavior Diagram]

Spyware Overview

This spyware is dropped by another malware detected by Trend Micro as TROJ_DROPPER.CNH. It arrives as a component bundled within that Trojan's package.

It monitors user activity when the user visits certain IP addresses, most of which are related to digital gold currency sites such as e-Gold, Liberty Reserve, and e-Bullion. It then steals information by logging keystrokes. Stolen information may include the user names and passwords of the affected user's accounts.

This spyware sends the gathered information to a remote malicious user using HTTP POST. This routine risks exposing the user's account information, which may then lead to unauthorized use of the stolen data.


Description created: Sep 4, 2007



