SophosLabs analysts encountered a new Trojan variant, Troj/Agent-FWO that came bundled with a non-malicious but humorous Shockwave video created by Italian cartoon animator, Bruno Bozzetto. The popular Shockwave animation video,”Yes & No” has been circulating around the internet for many years and it’s not surprising to see malware authors targetting Shockwave Flash animation users in this instance.
Troj/Agent-FWO drops its malicious payload in the Windows System folder and is not only capable of creating registry entries to run itself on startup but also has the functionality to inject code into system processes to stealth itself.
It is noted that malware authors have taken great lengths to obfuscate their creations nowadays and Troj/Agent-FWO is certainly no exception.
In the world of malware, pretty much nothing is sacred or secure anymore.