Not The End Of Downloader-AAP
Thursday September 20, 2007 at 5:34 am CST
Posted by Mohinder Gill
Just last week we blogged about the capture of an international group of phishers responsible for the repeated attacks by the trojan Downloader-AAP. Thinking that it may be the last we see of the trojan we received some samples of yet another new variant today.
As ususal the trojan seems most prevalent in Germany. This time the trojan purports to be a billing payment from an European Online Casino organisation. There is a link inside the message which hosts the Downloader-AAP trojan. If the user clicks on the link the Downloader will download Spy-Agent.ba
Most interesting about this variant is that there is no attachment to the message received by the user like previous variants but a URL inside it’s message body which points to the Downloader-AAP trojan.
The following is a sample of the message that has been spammed out.
This is a clear indication that this trojan is still alive and active and that there could be other members of the phishers that have not yet been caught.