FireEye researchers are warning of new malware called Trojan.MyAgent, which is primarily spread via e-mail, arriving inside a ZIP file or as a PDF attachment. The malware, the researchers say, is specifically targeting the defense, chemicals, technology and aerospace industries.
"FireEye examined a sample of MyAgent that, once executed, opens a PDF file titled 'Health Insurance and Welfare Policy' and then drops a second executable, deviously titled 'ABODE32.exe,' in the temp directory, they say in their report," writes Threatpost's Brian Donohue. "FireEye notes that the 'ABODE32.exe' executable accesses Windows Protected Storage, which holds the passwords for IE, Outlook, and other applications."
"Once it gets a foothold on the infected system, the malware connects back to its command and control server," writes FireEye researcher Vinay Pidathala. "In the samples we have observed the user agent string and the URI to which it calls back is hard coded inside of the binary. However we have seen different binaries use different user agents and URIs. ... Most of the binaries we observed have fairly good detections barring a few that have only two out of 42 AV vendors detecting them on VirusTotal."
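The dropped file described above, 'ABODE32.exe', is a near-miss of a trusted vendor name running out of a temp directory, which is something process-creation telemetry can be checked for. The following Python is an added example, not code from FireEye's report or from this article; the brand list, the distance threshold, the event format and the sample paths are all assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: brand tokens worth protecting; extend for your own estate.
BRANDS = ("adobe", "acrobat", "outlook", "chrome")

def edit_distance(a, b):
    """Levenshtein distance using a rolling one-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def in_temp_dir(path):
    """True if any directory component of a Windows path is temp or tmp."""
    parts = ntpath.dirname(path).lower().split("\\")
    return any(p in ("temp", "tmp") for p in parts)

def lookalike_of(path, max_dist=2):
    """Return the brand a file name imitates (close but not equal), else None."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    letters = re.sub(r"[^a-z]", "", stem)  # "abode32" -> "abode"
    for brand in BRANDS:
        if 0 < edit_distance(letters, brand) <= max_dist:
            return brand
    return None

def flag_events(events):
    """Flag process images that run from a temp directory under a lookalike name."""
    hits = []
    for ev in events:
        brand = lookalike_of(ev["image"])
        if brand and in_temp_dir(ev["image"]):
            hits.append((ev["image"], brand))
    return hits

# Constructed sample process-creation events (hypothetical paths and format).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\AppData\Local\Temp\ABODE32.exe"},
    {"image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

if __name__ == "__main__":
    for image, brand in flag_events(SAMPLE_EVENTS):
        print(f"lookalike of '{brand}' running from temp: {image}")
```

An exact brand match is deliberately not flagged, so a genuine chrome.exe passes while a two-letter swap such as "abode" for "adobe" does not.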