Monday, June 16, 2008

DLL attack



6/16: Agent.DGW Trojan Unknowingly Downloaded
June 16, 2008

Agent.DGW Trojan is dropped by other malware. It can be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive as a .DLL file that exports functions used by other malware.

Other malware can also use this Trojan in its own malicious routines, specifically to download possibly malicious files.

http://www.esecurityplanet.com/alerts/article.php/3753146

http://snipurl.com/2j8u1

File type: DLL

Size of malware: 32,768 Bytes

Initial samples received on: May 28, 2008


Payload 1: Downloads files



Details:

This Trojan is dropped by other malware. It can be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive as a .DLL file that exports functions used by other malware.

It creates the following registry entry to enable its automatic execution at every system startup:

HKEY_CLASSES_ROOT\CLSID\{9813B1C3-32B9-1B69-AACD-57F6959FDBB3}\InprocServer32
(default) = "{malware path and file name}"

It creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\8902a0d3

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\cd46e497

It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
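A way to check a registry export for the entries listed above, as an added example that is not part of the original alert. The function names, the sample export and its placeholder DLL path are constructed for illustration; the key paths are the ones quoted in the advisory.

```python
import re

# Registry indicators quoted in the advisory (key paths compare case-insensitively).
AUTORUN_KEY = r"HKEY_CLASSES_ROOT\CLSID\{9813B1C3-32B9-1B69-AACD-57F6959FDBB3}\InprocServer32"
MARKER_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\8902a0d3",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\cd46e497",
)

def normalise(key):
    """Lowercase a key path; map the hives behind HKCR's merged view back to HKCR."""
    return re.sub(r"^hkey_(local_machine|current_user)\\software\\classes\\",
                  r"hkey_classes_root\\", key.lower())

def parse_reg_export(text):
    """Return {normalised key path: {value name: string data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" is a deletion directive in .reg files, not an existing key.
            current = None if line[1] == "-" else keys.setdefault(normalise(line[1:-1]), {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:  # string values only; "@" is the default value
            name = "" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def scan(text):
    """List (kind, key, dll_path) findings for the advisory's registry indicators."""
    keys, findings = parse_reg_export(text), []
    autorun = keys.get(normalise(AUTORUN_KEY))
    if autorun is not None:
        findings.append(("autorun", AUTORUN_KEY, autorun.get("", "")))
    findings += [("marker", k, None) for k in MARKER_KEYS if normalise(k) in keys]
    return findings

# Constructed sample export; the DLL path is a placeholder, not from the advisory.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9813b1c3-32b9-1b69-aacd-57f6959fdbb3}\InprocServer32]
@="C:\\placeholder\\sample.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\cd46e497]
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Files written by `reg export` are UTF-16 encoded, so decode them accordingly before passing the text to `scan`. The DLL path returned with the autorun finding is the file to collect for analysis.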

