Outbreak Name: Troj/Dloadr-AKY*
Outbreak Date: 8-03-06
Dangerous Trojan Masked as Message From eBay
Outbreak Filters Protects Users 18 hours and 12 minutes Before First AV Signature
Background
IronPort's Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Trojan variant outbreak, Outbreak Filters protected customers 18 hours and 12 minutes before traditional AV vendors** provided protection.
Potential Damage from Outbreak
Troj/Dloadr-AKY is a dangerous Trojan that was recently spammed out as a spoofed message from eBay asking users to open a document to view an invoice. Once opened, the Trojan opens a backdoor that remote hackers can use to take over the computer. Alarmingly, this Trojan communicates with hackers via HTTP traffic, making it difficult for network administrators to detect. Once taken over, hackers can use the computer to send spam and host spyware. Remote hackers can also install key loggers and screen scrapers onto the infected PC to steal personal, confidential and financial information without the user's knowledge.
Timeline

* As named by Sophos.
** Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.








