Analysis by: kathleenno
ALIASES:

Exploit:Win32/CVE-2010-3333 (Microsoft); Exploit.MSWord.CVE-2010-3333.a (Kaspersky); Exp/20103333-A (Sophos)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

Canal de infección Propagates via email

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

It takes advantage of software vulnerabilities in certain software to drop malicious files.

  TECHNICAL DETAILS

Tamaño del archivo 144,274 bytes
Tipo de archivo Other
Residente en memoria Yes
Fecha de recepción de las muestras iniciales 14 Apr 2011
Carga útil Drops files

Arrival Details

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

Installation

This Trojan drops the following files:

  • %User Temp%\{random}.tmp

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)

It drops the following non-malicious file:

  • C:\DOC

Dropping Routine

This Trojan takes advantage of unknown vulnerabilities in the following software to drop malicious files:

  • Microsoft Security Bulletin MS10-087

Other Details

More information on this vulnerability can be found below: