This description covers a malware family that arrives as a spammed email. Characteristics such as file names and the port number used will vary depending on how the attacker configured the sample, so this is a general description.
Minimum DAT: 5119 (2007-09-13)
Updated DAT: 6050 (2010-07-21)
Minimum Engine: 5.3.00
File Length: 76,827 bytes
Description Added: 2007-09-13
Description Modified: 2010-03-26
This malware is currently being spammed and arrives as an email message with the following properties:
Subject: "Copyright Lawsuit filed against you."

Body:
To Whom It May Concern:
On the link bellow is a copy of the lawsuit that we filed against you in court on March 11, 2010. The case number is 3485934. The reason the lawsuit was filed was due to a completely inadequate response from your company for copyright infrigement that our client Touchstone Advisories Inc is a victim of Copyright infrigement
http://www.touchstoneadvisorsonline.com/[Removed]
Sincerely,
Mark R. Crosby
The URL in the email points to a malicious document file, detected as Spy-Agent.cf.dr.
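As an added example (not part of the McAfee advisory), the following Python script turns the email properties listed above into a simple mail-gateway check: it parses a raw RFC 822 message, normalizes the subject line, extracts URLs from the body, and flags a message that matches the lure subject or links to the lure domain named in the advisory. The sample messages, the sender and recipient addresses, and the helper names are constructed for this demonstration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Indicators taken directly from the advisory text above.
LURE_SUBJECT = "copyright lawsuit filed against you"
LURE_DOMAIN = "www.touchstoneadvisorsonline.com"

# Loose URL matcher; sufficient for plain-text lure bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalize_subject(subject):
    """Lower-case, trim whitespace and a trailing full stop so minor
    variations of the lure subject still match."""
    return (subject or "").strip().lower().rstrip(".").strip()


def extract_urls(text):
    """Return every http(s) URL found in a message body, in order."""
    return URL_RE.findall(text or "")


def classify_message(raw_message):
    """Parse a raw message and report which lure indicators it matches.

    Returns a dict with the normalized subject, all URLs seen, the list of
    indicator hits, and a boolean 'suspicious' flag.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = normalize_subject(msg["subject"])

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    urls = extract_urls(text)

    hits = []
    if subject == LURE_SUBJECT:
        hits.append("subject")
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host == LURE_DOMAIN or host.endswith("." + LURE_DOMAIN):
            hits.append("url:" + host)

    return {"subject": subject, "urls": urls, "hits": hits, "suspicious": bool(hits)}


# Constructed sample: the lure as described in the advisory. The sender and
# recipient addresses are placeholders, not indicators from the page.
SAMPLE_LURE = """\
From: Mark R. Crosby <sender@example.invalid>
To: recipient@example.invalid
Subject: Copyright Lawsuit filed against you.
Content-Type: text/plain; charset="us-ascii"

To Whom It May Concern:
On the link bellow is a copy of the lawsuit that we filed against you in court
on March 11, 2010. The case number is 3485934.
http://www.touchstoneadvisorsonline.com/[Removed]
Sincerely,
Mark R. Crosby
"""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """\
From: colleague@example.invalid
To: recipient@example.invalid
Subject: Meeting notes
Content-Type: text/plain; charset="us-ascii"

Notes from today are at https://intranet.example.invalid/notes/2010-03-11
"""


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        result = classify_message(raw)
        print(name, "suspicious" if result["suspicious"] else "clean", result["hits"])
```

The subject and domain checks are kept separate so that a spammer who changes one of them still trips the other; in a real gateway the indicator lists would be loaded from a feed rather than hard-coded.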
The user would have to manually click the link in the email, which points to the malicious document file, and open the document. Below is a screenshot of the document as it appears when opened:

[Screenshot: the malicious document as it appears when opened]
The user would then have to manually open the attachment embedded in this document to become infected. This attachment is an executable, detected as Spy-Agent.cf.
Below is a screenshot of the warning message Windows displays when this attachment is opened:

[Screenshot: the Windows warning message shown when the embedded executable is opened]
This trojan does not self-replicate. It arrives as a spammed message with the subject "Copyright Lawsuit filed against you".
Such trojans may also be received as a result of poor security practices, unpatched machines, or otherwise vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.
A combination of the latest DATs and the Engine will detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email, or other media where users can share files.