Troj/Agent-XES is a Trojan that circulates via a spam Blackhole malware attack on Twitter. Spam messages on Twitter that spread Troj/Agent-XES use the wording of ‘It’s you on photo?’ and ‘It’s about you?’. An instance of the risky tweets is ‘@[Username] It’s you on photo? [Domain]/#[Username].html’. Threatening links on Twitter state that you are pictured in an online photo. However, there isn’t a photo of you at the end of the link. The accounts that are distributing the fake messages have either been hijacked by scammers or have been made with the intention to spread malicious links. The malware threat at the end of the link is identified as Troj/JSRedir-HY. The script redirects to an IP address that itself diverts to a .CU.CC domain, to run an executable code, which is detected as Troj/Agent-XES, and finally reroutes to a .SU domain that includes the Blackhole exploit kit.
How Can You Detect Troj/Agent-XES?