Backdoor.Win32.Agent.aksn and Email Phishing Scams

The Backdoor.Win32.Agent.aksn Trojan is associated with Troj/Inject-QL, a malware duo that can give a hacker unauthorized access to its victim's computer. Backdoor.Win32.Agent.aksn made headlines in fall of 2011 when Backdoor.Win32.Agent.aksn was used in a series of email phishing scams aimed at certain important companies. In an ironic twist, a malicious email associated with Backdoor.Win32.Agent.aksn will try to convince its victims that it has been sent by the IT department of the company in question. This message will claim that a malware infection has been detected and that, consequently, some data may have been lost or stolen. The message's subject will be 'IT Notice' and it will go into detail about a virus infection that has erased certain files and infected some computers in the affected company. ESG security researchers strongly recommend ignoring this email, as it is designed to infect its receiver with the Backdoor.Win32.Agent.aksn Trojan.

How this Fake IT Notice Links to Backdoor.Win32.Agent.aksn

This fake IT notice contains an embedded link that is supposedly meant to take the victim to an anti-malware program to stop the imaginary virus from attacking. This link is quite believable because the criminals behind this scam have found ways to disguise it so that it will appear to come from the company under attack. In fact, this link reroutes the victim to an attack website containing Backdoor.Win32.Agent.aksn and its dastardly partner in crime Trojan.Inject.ql. According to ESG security researchers, the link embedded in the email appears to take the victim to an executable file simply titled as 'antivirus' with a .exe extension which appears to reside on the company's server. Actually, this link goes through another malicious website. The aforementioned malicious link will usually look something like this: which, while superficially convincing, is actually a link to a known attack website.

Distinguishing the Backdoor.Win32.Agent.aksn Email from the Real Thing

In a state of panic about a possible loss of data and malware infection, a computer user may become inattentive, missing details in the email that point to its true source. Simply taking the time to read the text carefully will reveal poor English, bad grammar and spelling and unnatural-sounding language. Remember, most Trojan infections will have a social engineering aspect, a facet which takes advantage of human nature. To avoid becoming a victim of Backdoor.Win32.Agent.aksn, ESG security researchers recommend contacting the supposed source of any email before clicking on unexpected email attachments.

Technical Information

File System Details

Backdoor.Win32.Agent.aksn creates the following file(s):
# File Name Size MD5
1 file.exe 53,248 590205e14bcc536da286eb3537cff392
More files

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.