Troj/Agent-TDG is a Trojan affecting Windows users.
As a member of the Zbot family of malware, Troj/Agent-TDG looks for sensitive user information such as passwords. Remote hackers could also use the Trojan to hijack your computer to send out even more malware.
We've seen Troj/Agent-TDG spreading through spam messages with subjects including "Re: your changlog," typically including a fake ID or reference number.
The attachment is a zip file with names like:
change<date numbers><random characters>.zip
This zip file is detected by Sophos as Mal/BredoZp-B.
The zip file contains a single executable, which has a Microsoft Office document icon.
Typically, the body of the spam messages is very short, consisting of a simple introduction (e.g., "good day"), a phrase containing "as promised," and a sign-off with a name.
These messages are spammed out by infected machines around the world.
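The attachment traits described above (the change<date numbers><random characters>.zip name and the single executable inside the archive) can be checked during mail triage. The following Python code is an added example, not Sophos detection logic: the filename regex, the extension list and the function names are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Assumed reading of "change<date numbers><random characters>.zip":
# "change", a run of digits, then one or more alphanumeric characters.
NAME_RE = re.compile(r"^change\d+[A-Za-z0-9]+\.zip$", re.IGNORECASE)
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed list, not from the advisory


def triage_attachment(filename, data):
    """Return which traits from the advisory an attachment matches."""
    hits = []
    if NAME_RE.match(filename):
        hits.append("name-pattern")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = [m for m in archive.infolist() if not m.is_dir()]
            if len(members) != 1:
                return hits
            member = members[0]
            looks_exec = member.filename.lower().endswith(EXEC_EXTS)
            try:
                # The PE "MZ" magic catches an executable behind a document-style name.
                with archive.open(member) as fh:
                    looks_exec = looks_exec or fh.read(2) == b"MZ"
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                pass  # encrypted or unreadable member: keep the name verdict
            if looks_exec:
                hits.append("single-executable")
    except zipfile.BadZipFile:
        pass  # not a zip at all; only the filename could be judged
    return hits


def make_zip(files):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample, not a real spam attachment.
    lure = make_zip({"changelog.doc.exe": b"MZ" + bytes(62)})
    print(triage_attachment("change20130115ab3.zip", lure))
```

An attachment that matches both traits is a candidate for quarantine; either trait alone is weaker evidence, since single-file zips and "change"-prefixed names also occur in legitimate mail.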
When run, the inner executable copies itself to the user's profile directory, under:
The Trojan sets itself up in the registry to run on startup by using the key:
We also detect this Trojan generically as Mal/Zbot-CX.