Home / malware Trojan:W32/Agent.DKJC
First posted on 19 August 2010.
Source: SecurityHomeAliases :
Trojan:W32/Agent.DKJC is also known as PWS:Win32/Zbot.SV (Microsoft).
Explanation :
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.
Additional DetailsTrojan:W32/Agent.DKJC identifies files involved in a recent spam run. On running the malicious file, a Zeus/Zbot variant is installed.
This malware is further discussed in our Labs Weblog:
€ Once Again, Zeus
Distribution
The spam run involves malicious ZIP files distributed using varying file names. Names seen so far include:
€ 2010 Contract With LC Change 051005.exe € Flight Attendant-0600003A.exe € Second chord sounds in world's longest lasting concert - Yahoo! News.exe € Cancellation Notice.exe € BURRESS_WEDDING_AUGUST2010.exe € IN255596.exe € 2010 expenses.exe € resume.exe
Activity
Manually executing the malicious ZIP file causes a variant from the Trojan-Spy:W32/Zbot family to install on the machine. For more information on Zeus/Zbot capabilities, please see the Trojan-Spy:W32/Zbot description.
The malware also downloads additional components from two Russian websites:
€ jocudaidie.ru € zephehooqu.ru
Note: Browsing Protection blocks access to these malicious sites.Last update 19 August 2010
