









W32/Clagger.E Trojan

| Name | W32/Clagger.E Trojan |
| Aliases | TROJ_CLAGGER.E |
| Discovered on | August 24, 2006 |
Virus Information - W32/Clagger.E Trojan:
W32/Clagger.E is a trojan that infects Windows systems.
The trojan arrives as an attachment to a spammed email.
The 'From' address of the spammed email will be:
PayPal Account Review Department
The 'Subject' of the spammed email will be:
YOUR ACCOUNT (LIMITED ACCESS TT-022-421-683)
The 'body' of the spammed email will be:
Dear PayPal customer!
As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your
account.We requested information from you for the following reason:
We recently received a report of credit card use associated with this
account. As a precaution, we have limited access to your PayPal account
in order to protect against future unauthorized
transactions.You can check your transaction details in attachment.
Case ID Number: TT-022-421-683
If, after reviewing your transaction information, you
seek further clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking "Contact Us".
We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you
and your account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
The name of the infected attachment will be:
TT-022-421-683.zip
Upon execution of the infected attachment, the trojan adds a registry key at the following location to bypass the Windows Firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
The trojan also attempts to connect to the following website:
http://(BLOCKED)shka.net/suhoy341.exe
to download suhoy341.exe into the Windows folder.
Executing the dropped file causes spyware routines to run on the infected system.
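To check a host for the firewall change described above, the following added example (not part of the original advisory) parses `reg query` output for the AuthorizedApplications\List key and flags enabled, any-source entries whose executable sits directly in the Windows folder. The value layout is that of the Windows XP SP2 firewall; the flagging heuristic, the sample output and all function names are assumptions, since the advisory does not say which executable the trojan authorizes.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the key above (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Example\sync.exe    REG_SZ    C:\Program Files\Example\sync.exe:LocalSubNet:Enabled:Example Sync
    C:\WINDOWS\example_dropped.exe    REG_SZ    C:\WINDOWS\example_dropped.exe:*:Enabled:example
    C:\Tools\old.exe    REG_SZ    C:\Tools\old.exe:*:Disabled:old tool
"""

# Value data layout: <image path>:<scope>:<Enabled|Disabled>:<display name>.
# The optional drive-letter group keeps "C:" from being read as a field separator.
ENTRY = re.compile(r"^(?P<image>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):"
                   r"(?P<state>enabled|disabled):(?P<label>.*)$", re.IGNORECASE)

# Assumed spellings of the Windows folder; adjust for the host being audited.
WINDOWS_DIRS = {r"c:\windows", "%windir%", "%systemroot%"}


def parse_entries(reg_query_output):
    """Yield one dict per REG_SZ value: image path, scope, enabled flag, label."""
    for line in reg_query_output.splitlines():
        parts = re.split(r"\s+REG_SZ\s+", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # key header or blank line
        m = ENTRY.match(parts[1])
        if m:
            yield {"image": m["image"], "scope": m["scope"],
                   "enabled": m["state"].lower() == "enabled", "label": m["label"]}


def suspicious(entry):
    """Heuristic (assumption): enabled, scope '*', image directly in the Windows folder."""
    parent = ntpath.dirname(entry["image"]).lower()
    return entry["enabled"] and entry["scope"] == "*" and parent in WINDOWS_DIRS


def audit(reg_query_output):
    """Return the image paths of entries that deserve manual review."""
    return [e["image"] for e in parse_entries(reg_query_output) if suspicious(e)]


if __name__ == "__main__":
    for image in audit(SAMPLE):
        print("review:", image)
```

On a live system the input would be the captured output of `reg query` run against the key listed above.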
