Troj/Agent-XDD
Threat Scorecard
Metric | Value
---|---
Threat Level | 90 % (High)
Infected Computers | 7
First Seen | July 25, 2012
Last Seen | February 23, 2022
OS(es) Affected | Windows
Scanners and photocopiers with email capabilities are commonly used in many offices. These devices are often connected to the local office network and email scanned documents to recipients, saving them the trip to the device to retrieve their documents. Unfortunately, criminals have started to take advantage of this functionality in a spam email campaign that distributes the Troj/Agent-XDD Trojan (a backdoor Trojan) via email messages disguised to appear as if they were sent by your office scanner. To avoid becoming infected with Troj/Agent-XDD, ESG security analysts advise being very careful when handling email attachments. Even if you are expecting a scanned document in the mail, it is important to check the email's legitimacy carefully and use a reliable anti-malware scanner rather than opening email attachments blindly.
The Troj/Agent-XDD Attack
Spam email messages associated with Troj/Agent-XDD tend to imitate Hewlett-Packard office equipment. A typical subject line for one of these messages reads something like 'Re: Scan from a Hewlett-Packard ScanJet 4952740' (that is an actual subject line from an example detected in the wild). There are many variants of these malicious email messages, but they all carry the same compressed ZIP archive, named 'HP_Document.zip'. Looking inside this ZIP file reveals an executable file named 'hp_page-1-19_24.07.2012.exe', which is not an image file of any kind. This executable file is a typical backdoor Trojan detected as Troj/Agent-XDD. Troj/Agent-XDD can establish an unauthorized connection to a remote server, which allows it to download and install additional malware. Troj/Agent-XDD also has spy capabilities, such as a keylogger component and the ability to send sensitive data to a remote server.
Dealing with a Troj/Agent-XDD Infection
We've seen examples of these kinds of fake scanner emails before. Just a few months ago, this very same method was used to distribute Mal/Iframe-W, which is actually a malicious JavaScript that forces the victim's web browser to visit a malicious website designed to use the BlackHole Exploit Kit to attack the victim's computer. Fortunately, if your spam filter is fully updated, it should be able to stop these malicious messages from ever reaching your inbox. If, by mistake, you have opened Troj/Agent-XDD's email message, you should use a powerful anti-malware program to perform an in-depth scan of your computer.
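The attachment pattern described above, a ZIP archive whose content is a Windows executable named like a scanned page, can be checked for before anything is opened. The following Python is an added example, not code from this page or from SpyHunter; the function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each ZIP member that looks executable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "not a readable ZIP archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTABLE_EXTS:
                findings.append((name, f"executable extension {ext}"))
            elif info.flag_bits & 0x1:
                # Password-protected members cannot be read without the password.
                findings.append((name, "encrypted member, content not inspectable"))
            else:
                # A document or image never starts with the PE/DOS 'MZ' magic.
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":
                        findings.append((name, "MZ header behind a non-executable name"))
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real malware content.
LURE = build_zip({"hp_page-1-19_24.07.2012.exe": b"MZ" + b"\x00" * 62})
DISGUISED = build_zip({"scan_page1.pdf": b"MZ" + b"\x00" * 62})
BENIGN = build_zip({"scan_page1.pdf": b"%PDF-1.4\n"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("disguised", DISGUISED), ("benign", BENIGN)):
        print(label, scan_zip_attachment(blob))
```

A genuine scan-to-email message carries an image or PDF, so any finding on an attachment that claims to be a scanned page is reason to quarantine it.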
File System Details
# | File Name | Detections
---|---|---
1. | hp_page-1-19_24.07.2012.exe |
2. | HP_Document.zip |