
Troj/Agent-ABOB

Posted: May 8, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 73
First Seen: May 8, 2013
Last Seen: December 13, 2023
OS(es) Affected: Windows

Troj/Agent-ABOB is a Trojan that most recently was distributed through a compromised sub-domain of the official US Department of Labor website. Although the relevant sub-domain has since been taken down to prevent any further distribution of Troj/Agent-ABOB, anyone who loaded sem.dol.gov (a repository of information on toxic substances) with an unprotected PC should assume that their computer may be infected with Troj/Agent-ABOB. Currently, Troj/Agent-ABOB is associated with backdoor Trojan attacks that work around various security features, as well as with the installation of additional kinds of malware. As with any Trojan related to backdoor attacks, you should remove Troj/Agent-ABOB with appropriate anti-malware applications that are designed to isolate and delete advanced PC threats.

Bobbing for Toxic Software in a Government Site

Structurally, Troj/Agent-ABOB doesn't do much to set itself apart from other Trojans used in multi-component attack campaigns that are designed to infiltrate your PC and hand control of it over to criminals. What makes Troj/Agent-ABOB worth a headline is how it most recently was distributed through the Web: via a toxic substance data resource on a US government site that was hacked and forced to host a drive-by-download exploit. Several browser vulnerabilities were used to force this download to take place automatically, but SpywareRemove.com malware experts note that PC users with updated software, particularly with respect to their browsers, operating systems and all relevant security programs, are likely to be able to block this attack by default. The specific vulnerability employed, CVE-2012-4792, can be addressed both through general Windows patches and by using modern versions of Internet Explorer (or a different browser entirely).

Troj/Agent-ABOB has a high but variable detection rate among different anti-malware programs. Due to its similarities to other PC threats, Troj/Agent-ABOB may be detected as a variant of the PoisonIvy backdoor Trojan, a generic Trojan dropper or a variant of Zeus (AKA Zbot). Naturally, SpywareRemove.com malware researchers also associate Troj/Agent-ABOB with backdoor attacks that may be used to:

  • Contact a remote server, through which criminals can control your PC by issuing commands, installing malicious software, stealing information or altering your files.
  • Install other types of malicious software, either predesignated payloads or configurable ones. With respect to malware seeded on government-related sites, spyware and worms are some of the most common payloads.

Theories on why this domain was chosen vary: the criminals in question may have been attacking any vulnerable domain (it is worth noting that the sub-domain hacked to host Troj/Agent-ABOB is hosted on a completely separate server from the main US Department of Labor's website) or, alternatively, may have targeted it specifically in the hopes of gaining access to the PCs of government employees.

Getting the Taste of Troj/Agent-ABOB Out of Your Mouth

Troj/Agent-ABOB comes at a time when it's clear that even normally trustworthy sites can be compromised and forced to host exploits for installing malware. For website administrators, SpywareRemove.com malware analysts urge you to monitor your site's code regularly and keep your site maintenance software updated as a means of preventing any potential hacks. For visitors to compromised sites, updated software is likewise critical, and using anti-malware products with some web-browsing security features is also encouraged.

Troj/Agent-ABOB does not display any kind of deliberate symptom and most likely is designed to install other malware without leaving any evidence of its attacks. However, as noted earlier with respect to its detection rates, most anti-malware scanners should be able to pick up Troj/Agent-ABOB and delete it with very little trouble.
