Trojan.Pasam

Trojan.Pasam is a backdoor Trojan that's distributed by mass-mailed e-mail (also known as 'spam') in the form of a fake Word document. Because Trojan.Pasam exploits recently-patched Flash vulnerabilities in its initial installation, SpywareRemove.com malware researchers note that keeping Flash patched can make the difference between a failed Trojan.Pasam attack and a successful one. Trojan.Pasam's distribution levels are currently low, but you should pay attention to suspicious e-mail messages that resemble Trojan.Pasam's preferred templates and delete them immediately without opening the attached .doc file. Like other Trojans of its type, Trojan.Pasam creates backdoor exploits that can be used to take over your PC, with attacks ranging from installing other PC threats or transmitting personal information straight into the hands of criminals.

Trojan.Pasam – from an Inquiry into Military Defense to an Offensive Against Your Computer

Trojan.Pasam uses similar distribution tactics to Trojans like TROJ_MDROP.GDL and TROJ_ARTIEF.ZIGS, although Trojan.Pasam differentiates itself by being a self-contained PC threat instead of just one of several components in an attack. SpywareRemove.com malware analysts have also found Trojan.Pasam's spam e-mail messages to be relatively unique in content, as their templates so far consistently appear to target various defense industry companies with subjects such as invitation letters for specialized meetings or inquiries into military exercises, as noted in the samples shown below:

• Invitation Letter to [REDACTED] 2012
• [E-MAIL USER], The disclosure of [REDACTED] secret weapon deals with the Middle East
• [RANDOM SECURITY COMPANY] is in the unpromising situation after acquisition by [COMPANY]
• FOR more information
• some questions about [REDACTED]
• [E-MAIL USER], I heard about the consolidation of [REDACTED], is that true?
• China-Russia Joint Military Exercises

Trojan.Pasam itself is included in the form of a fake .doc file attachment with file names as follows:

• [RANDOM SECURITY COMPANY].doc
• Consolidation Schedule.doc
• [REDACTED] Invitation Letter to [REDACTED] 2012
• military exercise details.doc
• questions about your course.doc

Unfortunately, Trojan.Pasam isn't an actual Word document and, once opened, will use an object type confusion exploit for Flash (labeled CVE-2012-0779) to infect and launch attacks against your PC. As is always the case with any backdoor Trojan, a Trojan.Pasam infection should always be considered an extreme risk for your computer's safety and privacy, and SpywareRemove.com malware researchers suggest Trojan.Pasam's quick deletion with any trustworthy anti-malware product. You can also protect yourself from Trojan.Pasam by installing the relevant Flash update, which patches this exploit. Computers that don't use Flash, Internet Explorer or Windows can be considered effectively protected against this method of Trojan.Pasam installation by default.

What Trojan.Pasam's Simple Text File Turns Into After Launching

Trojan.Pasam infects Windows .dll files to launch its platform of attacks, which have been found to include:

• Sending system information (such as which memory processes are running or how much space is on your HD) to a remote C&C server for criminal perusal.
• Shutting down processes without your permission – this can be used to block you from using security-related applications that could assist with Trojan.Pasam's deletion.
• Deleting files without your permission.
• Launching files, potentially including malicious ones, without your permission.

These attacks are considered middling security risks, but prolonged contact with Trojan.Pasam can also open up potential exposure to even more serious PC threats than Trojan.Pasam itself. SpywareRemove.com malware researchers recommend using anti-malware software to detect any potential Trojan.Pasam attacks since any direct symptom of a Trojan.Pasam infection can be negligible.

Technical Details