
Trojan-FakeAV.Win32.Agent.dqs

By GoldSparrow in Trojans

ESG security analysts have detected a malware campaign involving the Trojan-FakeAV.Win32.Agent.dqs Trojan. The attack is being carried out through spam on the Twitter social network. Criminals have managed to hijack various accounts and then use them to post malicious links, all containing .su, .tw1, or .tk domains. Visiting these malicious hosts results in an infection with fake anti-virus software from the FakeVimes family of malware, such as Windows Antivirus Patch, Windows Trojans Sleuth or Windows Safety Manager. As soon as a visitor lands on one of these malicious domains, the web browser displays an error message claiming that the victim's computer system is infected with malware and that a scan of the system is needed to find this supposed infection.

However, rather than carrying out a scan, the page actually installs Trojan-FakeAV.Win32.Agent.dqs on the victim's computer system, which results in an infection with rogue anti-virus software. The Twitter spam campaign has also been observed directing computer users to attack websites containing the BlackHole exploit kit. Since this dangerous exploit package was released to the public on underground torrent networks about a year ago, the number of attacks involving it has grown exponentially. As soon as a victim visits a website using this exploit pack, the site will attempt to exploit several vulnerabilities simultaneously in order to install Trojan-FakeAV.Win32.Agent.dqs and other malware on the victim's computer system.

Spam Campaigns and Malware Like Trojan-FakeAV.Win32.Agent.dqs

Trojans can be quite devastating to a computer system. However, Trojans have a weakness: they cannot spread on their own. Named after the Trojan Horse from Homer's Iliad, these kinds of malware require either a secondary malware infection to place them on the victim's computer system (such as the JavaScript Trojans that the BlackHole exploit kit uses to take advantage of system vulnerabilities) or a social engineering scam (such as the message in the Trojan-FakeAV.Win32.Agent.dqs attack claiming that the victim's computer is infected and requires a scan). These characteristics make spam email an ideal propagation method for malware like Trojan-FakeAV.Win32.Agent.dqs. Criminals can easily craft email messages that claim to contain some kind of beneficial file but actually deliver malware like Trojan-FakeAV.Win32.Agent.dqs instead. Social networks like Twitter and Facebook are rising quickly as a preferred method for delivering Trojans due to their large user base and the relative inexperience of computer users found on these networks.
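The link pattern described above (spammed links on .su, .tw1, or .tk domains) can be checked for in collected posts or proxy logs. The following is an added example, not code from ESG or from the original article; the account names and hostnames in the sample data are constructed, and the check keys on the host's last label so that a matching string in a subdomain, path, or userinfo part does not cause a false hit or a miss.

```python
import re
from urllib.parse import urlsplit

# TLD labels the write-up lists for the campaign's links (copied from the page as given).
CAMPAIGN_TLDS = {"su", "tw1", "tk"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_tld(url):
    """Last label of the URL's actual host, lower-cased; None if there is no host."""
    try:
        host = urlsplit(url).hostname      # ignores userinfo ("user@") and ":port"
    except ValueError:                     # malformed bracketed host
        return None
    if not host:
        return None
    return host.rstrip(".").lower().rsplit(".", 1)[-1]

def flag_links(messages):
    """Return (account, url) pairs whose host ends in one of CAMPAIGN_TLDS."""
    hits = []
    for account, text in messages:
        for match in URL_RE.finditer(text):
            # Drop sentence punctuation that trails a URL in free text.
            url = match.group(0).rstrip(".,;:!?)")
            if host_tld(url) in CAMPAIGN_TLDS:
                hits.append((account, url))
    return hits

# Constructed sample posts; accounts and hostnames are invented for this example.
SAMPLE_POSTS = [
    ("@acct_a", "Your PC is infected, scan now: http://constructed-sample-one.tk/scan"),
    ("@acct_b", "lol is this you? HTTP://Constructed-Sample-Two.SU:8080/p?id=7."),
    ("@acct_c", "photos http://twitter.com@constructed-sample-three.tk/album"),
    ("@acct_d", "docs at https://tk.example.com/guide and https://example.com/a.tk"),
    ("@acct_e", "see http://constructed-sample-four.tw1/x"),
]

if __name__ == "__main__":
    for account, url in flag_links(SAMPLE_POSTS):
        print(account, url)
```

A hit on a TLD alone is a triage signal rather than proof of infection, so flagged accounts and URLs still need review before any action is taken.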
