Spammer.APG
Threat LevelDamageDistribution

Effects 

Spammer.APG is designed to send spam messages massively. It makes the computer become a platform to send spam.

Spammer.APG carries out the following actions:

• It uses several programs which allow it to obtain passwords and accounts of mail services, in order to obtain email addresses to which it can send spam messages.
• It connects to the following URLs of the configuration of the Trojan:
  http://89.14<blocked>.186/stat1.php
  http://89.14<blocked>.186/stat1.php
• The spam messages which it sends contain advertisements about several pharmaceutical products and a link to a website where these products can be purchased.
• Some examples of the message it sends are the following:
  
  
  
  

Infection strategy 

Spammer.APG creates the file QTPLUGIN.EXE with a random name in the Windows system directory. This file is a copy of the Trojan.

Spammer.APG creates the following entries en el Windows Registry:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  RegistryMonitor1 = %sysdir%\qtplugin.exe
  where %sysdir% is the Windows system directory.
  By creating this entry, Spammer.APG ensures that it is automatically run whenever Windows is started.
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup
  RegistryMonitor2 = %sysdir%\36077052

Means of transmission 

Spammer.APG does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, removable drives like USB keys, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Spammer.APG is written in the programming language Delphi. This Trojan is 607,744 bytes in size.