Internet Anthropologist Think Tank: DLL attack


    Monday, June 16, 2008

    DLL attack



    6/16: Agent.DGW Trojan Unknowingly Downloaded
    June 16, 2008

    The Agent.DGW Trojan is dropped by other malware. It can be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive as a .DLL file that exports functions used by other malware.

    Other malware can also use this Trojan for their malicious routines, specifically for downloading possibly malicious files.

    http://www.esecurityplanet.com/alerts/article.php/3753146

    http://snipurl.com/2j8u1

    File type: DLL

    Size of malware: 32,768 Bytes

    Initial samples received on: May 28, 2008


    Payload 1: Downloads files



    Details:

    This Trojan is dropped by other malware. It can be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive as a .DLL file that exports functions used by other malware.

    It creates the following registry entry to enable its automatic execution at every system startup:

    HKEY_CLASSES_ROOT\CLSID\{9813B1C3-32B9-1B69-AACD-57F6959FDBB3}\InprocServer32
    (default) = "{malware path and file name}"

    It creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\8902a0d3

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\cd46e497

    Other malware can also use this Trojan for their malicious routines, specifically for downloading possibly malicious files.

    It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
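
As an added example (not part of the original alert), the Python function below scans the decoded text of a regedit .reg export for the registry indicators listed above and reports the DLL path registered under the CLSID. The function name, the sample export and the DLL path in it are constructed for illustration. The CLSID is matched by key suffix because HKEY_CLASSES_ROOT is a merged view of the Classes keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, so an export may show it under either hive.

```python
import re

# Indicators taken from the advisory text above.
CLSID = "{9813B1C3-32B9-1B69-AACD-57F6959FDBB3}"
AUTORUN_SUFFIX = ("\\CLSID\\" + CLSID + "\\InprocServer32").lower()
MARKER_KEYS = {
    "hkey_local_machine\\software\\microsoft\\8902a0d3",
    "hkey_local_machine\\software\\microsoft\\cd46e497",
}

SECTION = re.compile(r"^\[(.+)\]$")        # [HKEY_...\key\path]
DEFAULT_VALUE = re.compile(r'^@="(.*)"$')  # @="..." is the (default) value

def scan_reg_export(text):
    """Return (indicator, key, detail) tuples found in decoded .reg text."""
    # regedit exports are normally UTF-16; decode before calling this.
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            if key.lower() in MARKER_KEYS:
                findings.append(("marker-key", key, ""))
            continue
        m = DEFAULT_VALUE.match(line)
        if m and key and key.lower().endswith(AUTORUN_SUFFIX):
            # .reg files escape quotes and backslashes; undo that for the path.
            path = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
            findings.append(("autorun-clsid", key, path))
    return findings

# Constructed sample export; the DLL path is a placeholder, not from the advisory.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9813B1C3-32B9-1B69-AACD-57F6959FDBB3}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\8902a0d3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""
```

Calling `scan_reg_export(SAMPLE)` returns one `autorun-clsid` finding carrying the registered DLL path and one `marker-key` finding; the unrelated Run key is ignored.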

