Antivirus experts recommend updating signatures and other mitigations to protect against a Trojan that uses a seemingly...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
safe password-protected zip file to deliver its payload.
Experts aren't in agreement on naming conventions and call it: Troj/Tofger.A, MultiDropper.GP.A, TrojanDropper.JS.Mimail.B and Trojan.Sefex. It logs keystrokes and sends them to a remote location on an active Internet connection. It runs automatically when Windows starts by modifying system.exe file, registry entries and other settings.
The Trojan arrives via e-mail with a blank subject, a password-protected MyProfile.zip attachment, and includes the password in the message body. The zip attachment flies under the radar of most antivirus software, and an unsuspecting user inputs the password to open the zip file. Inside is an HTML file (Profile.html), which in turn drops the payload (dating.exe, or something equally enticing).
While this Trojan doesn't self-replicate, it propagates through e-mail, IRC, peer-to-peer sharing and other delivery methods. To mitigate the problem, change compromised passwords, edit the target registry entry or delete Windows files. You can also disable HTML e-mail, either filtering at the perimeter or at the client.