Trojan.Agent/Gen-Festo
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 90 % (High) |
| Infected Computers: | 38 |
| First Seen: | December 18, 2012 |
| OS(es) Affected: | Windows |
Trojan.Agent/Gen-Festo is a Trojan that is distributed via unsolicited emails allegedly sent by Air Canada. The fake Air Canada email that is used to deliver Trojan.Agent/Gen-Festo displays a fraudulent id of a sender 'Air Canada tickets@aircanada.com' together with a subject line 'Your Order#74267102 - PROCESSED'. The deceptive email addressing the computer user as customer, notifies that there has been a perfect processing of the order. Respectively, the details are: Flight Number: TB739 highlight.2CA, Electronic 74267102; Date and Time: 6th December 2012 at 10.30am; Leaving Toronto; and Ticket rate: Canadian Dollars 375.12. Then, the spam email forces the PC user to download and print out the ticket by visting the website http://www.aircanada.com/aco/manageMyBookings.do?tid=TB7392CA&ticket_number=74267102. To find out more about the order, the spam email asks the recipient to contact Air Canada at http://www.aircanada.com/en/customercare/index.html?orderid=74267102&ssid=1524. At last, the bogus email signs off on behalf of the Air Canada airlines in order to give thanks. However, the added web-address rather than lead onto the actual website directs the PC user onto a zipped file called 'hxxp://air-canada.org/tickets/ticketTB7392CA.zip', which when unzipped, generates a huge 175KB file called 'ticketTB7392CA.scr', which incorporates Trojan.Agent/Gen-Festo.
Table of Contents
Aliases
13 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| Panda | Trj/CI.A |
| AntiVir | TR/Crypt.EPACK.Gen2 |
| Avast | Win32:JunkPoly [Cryp] |
| McAfee | Artemis!533DCED7236C |
| AhnLab-V3 | Backdoor/Win32.PMax |
| Sophos | Mal/ZAccess-BC |
| McAfee | Artemis!B7553B1FB5EF |
| Panda | Suspicious file |
| Fortinet | W32/Zbot.APRF!tr |
| AhnLab-V3 | Downloader/Win32.Andromeda |
| Microsoft | Trojan:Win32/Sirefef.BC |
| DrWeb | BackDoor.Maxplus.5220 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
SpyHunter Detects & Remove Trojan.Agent/Gen-Festo
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | n. | b7553b1fb5ef3c1a1960d4acde8feb0c | 32 |
| 2. | n. | 533dced7236cc7e8e20e1620e20c4271 | 6 |
| 3. | 98fe6081c75556a21a8331a035c70af6 | 98fe6081c75556a21a8331a035c70af6 | 0 |
| 4. | 5c2f8d97a7b213339fb8c3e0da2c3be9 | 5c2f8d97a7b213339fb8c3e0da2c3be9 | 0 |
| 5. | fcf99d9d89f34d743c90298e4be02921 | fcf99d9d89f34d743c90298e4be02921 | 0 |
| 6. | ILEC.EXE | 7f97bb3741c7ec5b0ac6d7015c940c19 | 0 |
| 7. | f91ec4dc042e496a7992266a6b7ef839 | f91ec4dc042e496a7992266a6b7ef839 | 0 |
| 8. | b5f272b3e6953afdec7ce5e6f1f8dd72 | b5f272b3e6953afdec7ce5e6f1f8dd72 | 0 |
