TROJ_AGENT.EGK
Overview

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Agent.dmm (Kaspersky), Downloader-BES (McAfee), TR/Dldr.SigmaNut.A (Avira), Mal/Basine-C (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

TROJ_AGENT.EGK Behavior Diagram

Malware Overview

This Trojan arrives as an attachment to the following email message, which is spammed by another malware or a malicious user:

{Sample of the spammed email message}

The spammed email contains a .ZIP file, which holds a copy of this Trojan and an .HTML file. The .HTML file poses as a purchase receipt to trick the user into thinking that the attachment is non-malicious. A screenshot is shown below:

{Poses as a purchase receipt}

This Trojan then accesses a Web site to download a file detected by Trend Micro as TROJ_DELF.JPH. As a result, routines of the downloaded Trojan are exhibited on the affected system.

For additional information about this threat, see: Solution, Technical Details

Description created: Sep. 20, 2007 5:37:26 PM GMT -0800
