News Stay informed about the latest enterprise technology news and product updates.

Password-protected Trojan slides under antivirus scans

The Tofger Trojan uses a password-protected zip file to deliver a dangerous payload -- a keystroke logger.

Antivirus experts recommend updating signatures and other mitigations to protect against a Trojan that uses a seemingly...

safe password-protected zip file to deliver its payload.

Experts aren't in agreement on naming conventions and call it: Troj/Tofger.A, MultiDropper.GP.A, TrojanDropper.JS.Mimail.B and Trojan.Sefex. It logs keystrokes and sends them to a remote location on an active Internet connection. It runs automatically when Windows starts by modifying system.exe file, registry entries and other settings.

The Trojan arrives via e-mail with a blank subject, a password-protected attachment, and includes the password in the message body. The zip attachment flies under the radar of most antivirus software, and an unsuspecting user inputs the password to open the zip file. Inside is an HTML file (Profile.html), which in turn drops the payload (dating.exe, or something equally enticing).

While this Trojan doesn't self-replicate, it propagates through e-mail, IRC, peer-to-peer sharing and other delivery methods. To mitigate the problem, change compromised passwords, edit the target registry entry or delete Windows files. You can also disable HTML e-mail, either filtering at the perimeter or at the client.

Dig Deeper on Real-time network monitoring and forensics

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.