system
9
The title of this topic should be changed to “Undetected virus (Trojan) through MS Iframe exploit”.
After some futher research this virus doesn’t have anything to do with Bofra/Sober-H, although it uses the same MS Iframe exploit.
It’s a new Trojan out there since begin november 2004. And was used in the Falk AG loadbalancer hack starting last friday (19-11-2004).
For futher info see a detailed report from Matt (ISC):
http://www.finlandforum.org/bb/viewtopic.php?t=7685
Sophos description:
Troj/Agent-EC is a backdoor Trojan that listens in the background for incoming connections and allows remote intruders to control the infected computer.
Troj/Agent-EC attempts to teminate any security-related applications running on the computer and then waits to download and install new updates when notified.
http://www.sophos.com/virusinfo/analyses/trojagentec.html
Still i’m a little bit worried why Avast didn’t pick up this Trojan.