
Backdoor.Win32.Agent.dboe

Posted: April 22, 2013

Backdoor.Win32.Agent.dboe is a backdoor Trojan that currently is used for manually-directed attacks against potentially valuable PCs, with Backdoor.Win32.Agent.dboe's distribution using compromised websites related to Asian politics (such as a Korean news site or a Chinese political activism forum). While normal PC users are unlikely to be of interest to the criminals holding Backdoor.Win32.Agent.dboe's strings, Backdoor.Win32.Agent.dboe still is capable of circumventing your online security, installing other malware automatically and avoiding the most basic means of detection. As is generally true for backdoor Trojans, SpywareRemove.com malware researchers encourage using anti-malware tools to remove Backdoor.Win32.Agent.dboe, which may not be the only PC threat on your computer and will try to resist being deleted.

While You're Dreaming of a Reunified Korea, Backdoor.Win32.Agent.dboe May Be Unifying Your PC with Trojans

Attacks that distribute Backdoor.Win32.Agent.dboe have, so far, been found on two separate websites, both devoted to Asian politics. Exploit code appears to have been inserted into both sites by hackers, allowing them to infect those sites' visitors through the Java vulnerability of Exploit:Java/CVE-2013-0422, which affects Java 7 prior to Update 11. A browser running an outdated version of Java only has to load such a site for Backdoor.Win32.Agent.dboe to be installed automatically, which leads SpywareRemove.com malware experts to, once again, stress how important it is to keep Java and JavaScript updated at all times.
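As an added example (not part of the original entry), the following script turns the affected range stated above (Java 7 prior to Update 11, i.e. 1.7.0_x with x below 11) into a fleet check over `java -version` output. The inventory lines, host names and function names are constructed for illustration; only the version rule comes from the page.

```python
"""Flag Java installs in the CVE-2013-0422 range the entry describes:
Java 7 (1.7.0) with an update number below 11."""
import re

# java -version prints e.g. `java version "1.7.0_10"`; the update part
# is optional because the GA release reports itself as plain "1.7.0".
_VERSION_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

# Constructed sample inventory (host<TAB>java -version output), not real hosts.
SAMPLE_INVENTORY = [
    'ws-01\tjava version "1.7.0_10"',
    'ws-02\tjava version "1.7.0_11"',
    'ws-03\tjava version "1.7.0"',
    'ws-04\tjava version "1.6.0_38"',
    'ws-05\tjava not installed',
]


def parse_java_version(output):
    """Return (major, minor, micro, update) from a java -version line,
    or None when no version string is present. Missing update -> 0."""
    m = _VERSION_RE.search(output)
    if m is None:
        return None
    major, minor, micro, update = m.groups()
    return int(major), int(minor), int(micro), int(update or 0)


def is_cve_2013_0422_affected(version):
    """True for Java 7 builds below Update 11, the range the entry gives.
    Other major versions return False because the entry names only Java 7."""
    major, minor, _micro, update = version
    return (major, minor) == (1, 7) and update < 11


def triage(inventory):
    """Map each host to 'affected', 'not in stated range' or 'unknown'.
    Unparseable output is reported as unknown rather than assumed safe."""
    verdicts = {}
    for line in inventory:
        host, _, output = line.partition('\t')
        version = parse_java_version(output)
        if version is None:
            verdicts[host] = 'unknown'
        elif is_cve_2013_0422_affected(version):
            verdicts[host] = 'affected'
        else:
            verdicts[host] = 'not in stated range'
    return verdicts


if __name__ == '__main__':
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f'{host}: {verdict}')
```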

The initial payload of this drive-by-download attack is a Trojan dropper that is detected as Backdoor.Win32.Agent.dboe. This dropper installs the backdoor Trojan variant of Backdoor.Win32.Agent.dboe, which is configured to launch with Windows. Backdoor.Win32.Agent.dboe's functions are limited but invasive, as SpywareRemove.com malware researchers discovered:

  • Backdoor.Win32.Agent.dboe communicates with a C&C server from which Backdoor.Win32.Agent.dboe may acquire other files to download through instructions from criminals accessing the server. These attacks appear to be reconfigured on a case-by-case basis, and other malware that's installed by Backdoor.Win32.Agent.dboe may, accordingly, vary between different infections.
  • Backdoor.Win32.Agent.dboe also may uninstall itself to avoid being detected, but this function will not remove any other malware that's related to Backdoor.Win32.Agent.dboe's attacks.

The Other Ways to Keep Backdoor.Win32.Agent.dboe from Burrowing Its Way Past Your Security

Backdoor.Win32.Agent.dboe seems to be targeted at Chinese dissidents and Korean reunification sympathizers, but most Backdoor.Win32.Agent.dboe infections found so far have been located in the United States, Germany, Thailand and Peru. The browser-based attacks that initiate Backdoor.Win32.Agent.dboe infections should be defensible with appropriate web-surfing protection, such as disabling Java, using blacklists of compromised sites and running anti-malware software with protective features against drive-by-download exploits.

If you've visited a site that may have been compromised with an installer for Backdoor.Win32.Agent.dboe, the SpywareRemove.com malware research team suggests scanning your PC with anti-malware software immediately. However, PC users without any financially profitable information may take some comfort from knowing that the criminals behind Backdoor.Win32.Agent.dboe appear to be targeting high-profile systems and are unlikely to launch any other invasive attacks before you've deleted Backdoor.Win32.Agent.dboe.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



images.gif File name: images.gif
Mime Type: unknown/gif
agentm.exe File name: agentm.exe
File type: Executable File
Mime Type: unknown/exe
Loading...