Troj/Agent-ABOB
Posted: May 8, 2013
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level reflects the threat's consistently assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 73 |
| First Seen: | May 8, 2013 |
| Last Seen: | December 13, 2023 |
| OS(es) Affected: | Windows |
Troj/Agent-ABOB is a Trojan that most recently was distributed through a compromised sub-domain of the official US Department of Labor website. Although the relevant sub-domain has since been taken down to prevent any further distribution of Troj/Agent-ABOB, anyone who loaded sem.dol.gov (a repository of information on toxic substances) with an unprotected PC should assume that their computer may be infected with Troj/Agent-ABOB. Currently, Troj/Agent-ABOB is associated with backdoor Trojan attacks that work around various security features, as well as with the installation of additional kinds of malware. You should remove Troj/Agent-ABOB, just like any Trojan related to backdoor attacks, with appropriate anti-malware applications that are designed to isolate and delete advanced PC threats.
Bobbing for Toxic Software in a Government Site
Structurally, Troj/Agent-ABOB doesn't do much to set itself apart from other Trojans used in multi-component attack campaigns that are designed to infiltrate your PC and hand control of it over to criminals. What makes Troj/Agent-ABOB worth a headline is how it most recently was distributed through the Web: via a toxic substance data resource on a US government site that was hacked and forced to host a drive-by-download exploit. Several browser vulnerabilities were utilized to force this download to take place automatically, but SpywareRemove.com malware experts note that PC users with updated software, particularly with respect to their browsers, operating systems and all relevant security programs, are likely to be able to block this attack by default. The specific vulnerability employed, CVE-2012-4792, can be mitigated both through general Windows patches and by using modern versions of Internet Explorer (or a different browser entirely).
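A triage sketch for the exposure described above, added here as an example and not taken from SpywareRemove.com or any vendor: it scans proxy log lines for clients that requested sem.dol.gov with Internet Explorer 6, 7 or 8, the versions affected by CVE-2012-4792. The log layout, sample lines, addresses and timestamps are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

WATCHED_HOST = "sem.dol.gov"        # sub-domain named on this page
VULNERABLE_IE_MAJOR = {6, 7, 8}     # IE versions affected by CVE-2012-4792

# Constructed sample lines in an assumed proxy log layout:
#   client_ip [timestamp] "METHOD URL PROTO" status "User-Agent"
SAMPLE_LOG = """\
10.0.4.17 [01/May/2013:14:02:11 +0000] "GET http://sem.dol.gov/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.4.22 [01/May/2013:14:05:40 +0000] "GET http://sem.dol.gov/ HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0"
10.0.5.9 [01/May/2013:15:11:03 +0000] "GET http://sem.dol.gov/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)"
10.0.7.3 [01/May/2013:16:20:45 +0000] "GET http://SEM.dol.gov/index.htm HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.4.17 [01/May/2013:09:30:00 +0000] "GET http://sem.dol.gov/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.8.1 [01/May/2013:10:00:00 +0000] "GET http://www.dol.gov/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$')
MSIE_RE = re.compile(r"\bMSIE (\d+)\.")
TRIDENT_RE = re.compile(r"\bTrident/(\d+)\.")
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)", re.I)

def real_ie_major(ua):
    """Return the true IE major version from a User-Agent, or None if not IE."""
    ie = MSIE_RE.search(ua)
    if not ie:
        return None
    trident = TRIDENT_RE.search(ua)
    # Compatibility View reports "MSIE 7.0"; the Trident/N.0 token means IE N+4.
    return int(trident.group(1)) + 4 if trident else int(ie.group(1))

def exposed_clients(log_text, host=WATCHED_HOST):
    """Map each client that hit `host` with IE 6-8 to its earliest request time."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        host_m = HOST_RE.match(m["url"]) if m else None
        if not host_m or host_m.group(1).lower() != host:
            continue
        if real_ie_major(m["ua"]) not in VULNERABLE_IE_MAJOR:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["client"] not in hits or ts < hits[m["client"]]:
            hits[m["client"]] = ts
    return hits
```

The User-Agent string does not reveal patch level, so the result is a list of machines to scan first, not a list of confirmed infections.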
Troj/Agent-ABOB has a high but variable detection rate among different anti-malware programs. Due to its similarities to other PC threats, Troj/Agent-ABOB may be detected as a variant of the PoisonIvy backdoor Trojan, a generic Trojan dropper or a variant of Zeus (AKA Zbot). Naturally, SpywareRemove.com malware researchers also associate Troj/Agent-ABOB with backdoor attacks that may be used to:
- Contact a remote server, through which criminals can control your PC by issuing commands, installing malicious software, stealing information or altering your files.
- Install other types of malicious software, either predesignated payloads or configurable ones. With respect to malware seeded on government-related sites, spyware and worms are some of the most common payloads.
The theories on Troj/Agent-ABOB's choice of domains range from the criminals in question attacking any vulnerable domain (it is worth noting that the sub-domain hacked to host Troj/Agent-ABOB is hosted on a completely separate server from the main US Department of Labor website) to the domain being targeted specifically in the hopes of gaining access to the PCs of government employees.
Getting the Taste of Troj/Agent-ABOB Out of Your Mouth
Troj/Agent-ABOB comes at a time when it's clear that even normally trustworthy sites can be compromised and forced to host exploits for installing malware. On a website administrator's end, SpywareRemove.com malware analysts urge you to monitor your site's code regularly and keep your site maintenance software updated as a means of preventing any potential hacks. For victims who visit compromised sites, updated software likewise is still critical, and using anti-malware products with some web-browsing security features also is encouraged.
Troj/Agent-ABOB does not display any kind of deliberate symptom and most likely is designed to install other malware without any evidence of its attacks. However, as noted earlier regarding its detection rates, most anti-malware scanners should be able to pick up Troj/Agent-ABOB and proceed with deleting it with very little trouble.