Analysis by: Christopher Daniel So

 PLATFORM:

Windows 2000, XP, Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware.

It downloads files from remote FTP sites and executes them. As a result, malicious routines of the downloaded files are exhibited on the affected system. As of this writing, the said sites are inaccessible.

  TECHNICAL DETAILS

File Size: Varies
File Type: LNK
Memory Resident: No
Initial Samples Received Date: 24 Aug 2010

Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may be dropped by other malware.

Download Routine

This Trojan downloads files from the following File Transfer Protocol (FTP) sites:

  • ftp://{BLOCKED}.{BLOCKED}.138.33/c.vbs

It saves the files it downloads using the following names:

  • c.Vbs

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

As of this writing, the said sites are inaccessible.