Rising captures a new variant of an information-stealing Trojan.

  Xinhua News Agency, Beijing, October 20 - Rising Threat Intelligence Center has recently captured a new variant of an information-stealing Trojan.

  This latest variant of the AgentTesla information-stealing Trojan spreads through phishing emails that induce users to decompress and run the Trojan in the attachment. It then collects account passwords from the user's browser, email, FTP, VPN, instant messaging and other software, as well as screenshots, keystrokes and other information.

  According to Rising security experts, the predecessor of AgentTesla was a commercial keylogger. Over the past few years it has changed from a keylogger into an out-and-out information-stealing Trojan.

  In addition to stealing data, the latest variant of AgentTesla can also counter the static scanning performed by security software: it tries to bypass static scanning through code obfuscation, data encryption and other means, which also hinders security personnel from analyzing its samples.

  Rising security experts said that the latest variant of AgentTesla is delivered to the user's mailbox by phishing email. It is hidden in a Zip archive attached to the email and disguised with the default icon of a Word document to entice the user to decompress and run it. Once run, the virus copies itself, sets a registry auto-start entry, then collects data from the user's browser and email client, takes screenshots, records keystrokes and gathers other information, and finally sends it all back to the attacker's mailbox by email.
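  As an added example (not from Rising or the original report), a mail-gateway style check for the delivery pattern described above: it opens Zip attachments and flags members that are Windows executables by content, which an icon disguise does not change. The message, file names and stub bytes are constructed sample data, and the function names are hypothetical.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"            # first two bytes of a Windows executable
ZIP_MAGIC = b"PK\x03\x04"   # local file header of a Zip archive

def pe_members_in_zip(data):
    """Names of archive members whose content starts with the PE magic."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Directories and password-protected entries cannot be read here.
                if info.is_dir() or info.flag_bits & 0x1:
                    continue
                with zf.open(info) as member:
                    if member.read(2) == PE_MAGIC:
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # truncated or malformed archive: nothing to inspect
    return hits

def scan_message(raw):
    """Return (attachment name, member name) for each executable inside a Zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(ZIP_MAGIC):   # judge by content, not by file name
            findings += [(part.get_filename(), n) for n in pe_members_in_zip(payload)]
    return findings

def build_sample():
    """Constructed message: a Zip holding a harmless 'MZ' stub and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Quotation.exe", PE_MAGIC + b"\x00" * 62)  # stub, not a real program
        zf.writestr("readme.txt", "constructed sample text")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="order.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

  Password-protected archive members are skipped by this check and would need separate handling, such as quarantining the attachment for review.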

  According to Rising, some domestic enterprises have been found to have been attacked by this virus. Rising reminds users not to open suspicious files; to deploy gateway security products such as a network security situation awareness and early warning system; to install effective antivirus software to intercept and remove malicious documents and Trojans; and to install system patches and important software patches in time.