TROJ_AGENT.AZZZ
Overview

Malware type: Trojan

Aliases: Backdoor.Win32.Hupigon.bnfb (Kaspersky), Generic PWS.b (McAfee), Backdoor.Robofo.A (Symantec), BDS/Hupigon.bnfb (Avira), Troj/Delf-FAE (Sophos), Backdoor:Win32/Allaple.D (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_AGENT.AZZZ Behavior Diagram

Malware Overview

This memory-resident Trojan arrives on a system as a file dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites. It also arrives as an attachment to spammed email messages. Below is a screenshot of such an email message:

TROJ_AGENT.AZZZ

The email body contains a fake link that points to a Web site, from which this Trojan downloads a malicious file detected by Trend Micro as TROJ_AGENT.AZAZ.

The document attached in the email contains the following text and image:

TROJ_AGENT.AZZZ Document Content

When the user clicks the Microsoft WordPad icon, an embedded .EXE file, which Trend Micro also detects as TROJ_AGENT.AZZZ, is dropped and executed.

This Trojan also accesses a certain Web site to download and save a file on the affected system. The downloaded file is detected as TROJ_AGENT.AZZZ.


Description created: Apr. 2, 2008 4:13:10 PM GMT -0800
