Written by: rodericko

How does this threat get into users' systems?

Spammed messages lure users into downloading an electronic game related to the 2009 Israeli legislative elections. These email messages contain a link from which the said game can supposedly be downloaded.

How does this threat affect users?

Clicking the link to download the game prompts users to save game2.zip, detected as TROJ_DROPPER.JCM. This Trojan drops actcontroller.exe, detected as TROJ_MYDOOM.CV, and services.exe, detected as TROJ_SMALL.JCM.

TROJ_MYDOOM.CV drops protect.sys, detected as TROJ_AGENT.ZNH, and collects target email addresses from the affected system. It then sends the stolen data to a remote site. TROJ_AGENT.ZNH is a component file of MYDOOM worm variants that allows them to execute their malicious routines.

TROJ_SMALL.JCM, on the other hand, modifies registry entries, leaving infected systems more vulnerable to infection by other malware.

How does this threat make money for its perpetrators?

The target email addresses that TROJ_MYDOOM.CV gathers and sends to a remote site may be sold in underground forums for use in further malicious activities, such as spam runs.

What is the driving force behind this threat?

Cybercriminals aim to steal personal information stored in affected systems and use it for their own financial gain.