Home / malwarePDF  

Agent.BAO


First posted on 01 March 2007.
Source: SecurityHome

Aliases :

Agent.BAO is also known as Trojan-Downloader.Win32.Agent.bao, Trojan.Downloader.Agent.ACT, TR/Dldr.Agent.bao.

Explanation :

Agent.BAO, a variant of Agent, is a Trojan. Agent.BAO downloads different trojans and backdoors and activate them on an affected system without user's approval.

Agent.BAO is a trojan downloader. It connects to a specified site on the Internet and gets more malicious download links.


Upon execution, it drops a copy of itself from the following location:



It also creates a service with the following service name:



It adds the following service registry entry:



It downloads a text file from the following site:



This text file contains download links of other malware.


Below is the list of some of the download sites gathered and the corresponding detection name of the downloaded files:


Note: The download links may vary depending on the content of the downloaded text file.


Moreover, Agent.BAO also creates a file named autorun.inf in the directory where the copy of the trojan is located. This is used to automatically execute the trojan when the folder is opened.

Last update 01 March 2007

 

TOP

Malware :

Family: