Malware and threats description

Computer threats and malicious software description

Agent.SQT

2013-02-28

Aliases: Trojan.Win32.Agent.sqt

Category: Malware

Parameters: Size: 41472; Platform: W32

Short description

Trojan horses are malware that masquerades as benign software. They do not replicate.

Long description

Agent.SQT arrives as an attachment to spam emails. Messages contain any of the following topics:

Something hot
Hot news
Paris Hilton
Hot pictures

This is an example of a message body:

Good afternoon.

Wanted!
Do you look this film? Do you wanna see more?
Censored cadrs from it where James McAvoy fucks Angelina Jolie!

Bye.

The attachment is named censored.zip and contains an executable copy named censored.exe.
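A mail-gateway triage check for the delivery pattern described above (a ZIP attachment carrying a Windows executable), as an added example that is not part of the original description. The function names, the extension list and the sample archives are assumptions constructed for illustration; the file names and the 41472-byte size come from this page and are weak indicators on their own.

```python
import io
import zipfile

# Names and size come from the description above; they only add to the reasons.
KNOWN_ARCHIVE = "censored.zip"
KNOWN_MEMBER = "censored.exe"
KNOWN_SIZE = 41472
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumption: treated as executable

def triage_zip(filename, data):
    """Return [(member, reasons)] for suspicious members of a ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(filename, ["not a readable ZIP archive"])]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            name = info.filename.lower().rsplit("/", 1)[-1]
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspected")
                magic = b""
            else:
                with archive.open(info) as member:
                    magic = member.read(2)  # DOS/PE files start with "MZ"
            if magic == b"MZ":
                reasons.append("member starts with MZ header")
            if name.endswith(EXEC_EXTS):
                reasons.append("executable extension")
            if name == KNOWN_MEMBER and filename.lower() == KNOWN_ARCHIVE:
                reasons.append("archive and member names match description")
            if info.file_size == KNOWN_SIZE:
                reasons.append("uncompressed size matches description")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample(member_name, payload):
    """Build a constructed in-memory ZIP holding harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * (KNOWN_SIZE - 2)  # constructed, not a real binary
    print(triage_zip("censored.zip", build_sample("censored.exe", fake_exe)))
    print(triage_zip("notes.zip", build_sample("notes.txt", b"hello")))
```

The MZ-header and extension checks catch the general pattern even when the sender changes the file names, which is why they are reported separately from the name and size matches.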

Files recognized as Trojan.Win32.Agent.sqt have many Trojan-Dropper.Win32.Agent.rek characteristics.

The dropped [Random name].sys file in the %System%\drivers\ directory is recognized as Trojan.Win32.Agent.sps. Example names of those files are Lhx72.sys and Sho00.sys.

It can also try to connect to and drop files from:

209.66.122.238