TROJ_AGENT.FAKZ
Overview

Malware type: Trojan

Aliases: Trojan.Win32.BHO.mtq (Kaspersky), W32/FakeAlert.AJ.gen!Eldorado (generic, not disinfectable) (F-Prot)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_AGENT.FAKZ Behavior Diagram

Malware Overview

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating registry keys/entries.
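
BHO registrations of this kind can be audited from a registry export by resolving each registered CLSID to the DLL it loads. The following is an added example, not part of the original write-up: the export text, CLSIDs, DLL paths and the trusted-directory list are constructed assumptions, while the two registry locations are the standard Windows ones.

```python
import re

# Well-known per-machine BHO registration key and COM class root.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
# Assumption: directories this site treats as expected locations for BHO DLLs.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

# Constructed sample in .reg export form; the CLSIDs and DLL paths are made up.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BHO_KEY + r"\{11111111-2222-3333-4444-555555555555}]",
    "[" + BHO_KEY + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]",
    "[" + CLSID_KEY + r"\{11111111-2222-3333-4444-555555555555}\InprocServer32]",
    r'@="C:\\Program Files\\ExampleVendor\\toolbar.dll"',
    "[" + CLSID_KEY + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]",
    r'@="C:\\Documents and Settings\\user\\Local Settings\\Temp\\x1.dll"',
])

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            # Only quoted string values are decoded; hex(2): data is kept raw.
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[name.strip('"')] = data
    return keys

def audit_bhos(text, trusted=TRUSTED_DIRS):
    """List (clsid, dll_path, verdict) for every registered BHO."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    prefix = BHO_KEY.lower() + "\\"
    findings = []
    for key in keys:
        clsid = key[len(prefix):]
        if not key.startswith(prefix) or "\\" in clsid:
            continue
        dll = keys.get(f"{CLSID_KEY.lower()}\\{clsid}\\inprocserver32", {}).get("@")
        verdict = ("orphaned" if dll is None
                   else "ok" if dll.lower().startswith(trusted) else "review")
        findings.append((clsid.upper(), dll, verdict))
    return findings
```

A "review" verdict only means the DLL sits outside the assumed trusted directories; the file itself still has to be examined.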

It monitors an affected user's browsing habits. Upon execution, it opens the following instance of Internet Explorer that connects to a certain malicious site.

Display Window

Clicking on the Download Free Movie link displays the following pop-up message:

{Fake warning}

Clicking on either the yes or no button redirects users to certain URLs to download a fake antivirus program detected as TROJ_FAKEAV.ANI. As a result, routines of the downloaded Trojan are also exhibited on the affected system.

Alternatively, clicking on the Click here to see more video link redirects the affected user to another malicious site.


Description created: Feb. 24, 2009 4:15:34 PM GMT -0800
