The title of this topic should be changed to “Undetected virus (Trojan) through MS Iframe exploit”.

After some further research, this virus doesn’t have anything to do with Bofra/Sober-H, although it uses the same MS Iframe exploit.

It’s a new Trojan, out there since the beginning of November 2004, and it was used in the Falk AG load balancer hack starting last Friday (19-11-2004).

For further info, see a detailed report from Matt (ISC):

http://www.finlandforum.org/bb/viewtopic.php?t=7685

Sophos description:

Troj/Agent-EC is a backdoor Trojan that listens in the background for incoming connections and allows remote intruders to control the infected computer.

Troj/Agent-EC attempts to terminate any security-related applications running on the computer and then waits to download and install new updates when notified.

http://www.sophos.com/virusinfo/analyses/trojagentec.html

Still, I’m a little bit worried why Avast didn’t pick up this Trojan.