Troj/Mdrop-DPB is a Trojan for the Windows platform.
We've spotted Troj/Mdrop-DPB in spam targeting French users, in an attempt to exploit people's interest in celebrations for the Bastille Day holiday.
Unsuspecting users who open the attachment, which purports to be a list of Bastille Day activities, download a file called short-BASTIL_1.SCR.
Troj/Mdrop-DPB drops the file WindowsUpdate.exe in the <Application Data>\Microsoft folder. This file is detected as Troj/Agent-SNH.
If installation is successful, Troj/Agent-SNH will attempt to contact the following remote server:
info . kembletech . com
In addition to the detection provided for Troj/Mdrop-DPB and Troj/Agent-SNH, the proactive HIPS technology in Sophos Endpoint Security can prevent the installation of these Trojans using various rules, including:
HIPS/FileMod-004, HIPS/FileMod-006, HIPS/ProcMod-005
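A hunt over endpoint telemetry for the file names, drop location and remote server named above, as an added example that is not part of the original advisory or any Sophos product. The event format and sample events are constructed, and resolving <Application Data> to either "Application Data" or "AppData\Roaming" under a user profile is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the advisory; the domain stays in its defanged form.
C2_DOMAIN_DEFANGED = "info . kembletech . com"
DROPPED_NAME = "windowsupdate.exe"    # detected as Troj/Agent-SNH
DROPPER_NAME = "short-bastil_1.scr"   # Troj/Mdrop-DPB download

def refang(domain):
    """Normalise 'a . b . c', 'a[.]b[.]c' or 'A.B.C.' to a lowercase hostname."""
    return re.sub(r"\s*\[?\.\]?\s*", ".", domain.strip()).lower().rstrip(".")

def is_dropped_path(path):
    """True for <Application Data>\\Microsoft\\WindowsUpdate.exe in any profile."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) < 3 or parts[-1] != DROPPED_NAME or parts[-2] != "microsoft":
        return False
    # Assumption: 'Application Data' on XP, 'AppData\Roaming' on later Windows.
    return parts[-3] == "application data" or parts[-4:-2] == ["appdata", "roaming"]

def match_event(event):
    """Return why an event matches the advisory, or None if it does not."""
    if event["type"] == "dns_query":
        if refang(event["query"]) == refang(C2_DOMAIN_DEFANGED):
            return "dns: Troj/Agent-SNH remote server"
    elif event["type"] == "file_create":
        if is_dropped_path(event["path"]):
            return "file: WindowsUpdate.exe in <Application Data>\\Microsoft"
        if PureWindowsPath(event["path"]).name.lower() == DROPPER_NAME:
            return "file: Troj/Mdrop-DPB dropper name"
    return None

def hunt(events):
    """Return (host, reason) for every event that matches an indicator."""
    return [(e["host"], reason) for e in events if (reason := match_event(e))]

SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    {"type": "file_create", "host": "PC-01", "path": r"C:\Users\alice\Downloads\short-BASTIL_1.SCR"},
    {"type": "file_create", "host": "PC-01", "path": r"C:\Users\alice\AppData\Roaming\Microsoft\WindowsUpdate.exe"},
    {"type": "dns_query", "host": "PC-01", "query": refang(C2_DOMAIN_DEFANGED).upper() + "."},
    {"type": "file_create", "host": "PC-02", "path": r"C:\Documents and Settings\bob\Application Data\Microsoft\WindowsUpdate.exe"},
    {"type": "file_create", "host": "PC-03", "path": r"C:\Windows\System32\wuauclt.exe"},
    {"type": "dns_query", "host": "PC-03", "query": "www.example.org"},
]

if __name__ == "__main__":
    for host, reason in hunt(SAMPLE_EVENTS):
        print(host, reason)
```

Matching on the full drop location rather than the bare file name keeps unrelated files called WindowsUpdate.exe elsewhere on disk out of the results.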