TROJ_DLOADER.NS
Overview


Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Ani.b (Kaspersky), Exploit-ANIfile (McAfee), Trojan.Moo (Symantec), EXP/Ani.Gen (Avira), Troj/Animoo-A (Sophos), Exploit:Win32/MS05002.gen (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating: Low

Reported infections: Low

Damage potential: Medium

Distribution potential: Low

Description: 

This Trojan arrives on a system either as part of another malware application's installation package or as a file downloaded from the Internet.

It is a downloader that exploits the USER32.DLL ANI File Parsing Crash vulnerability. More information on this vulnerability can be read on the following Microsoft Web page:

It waits for an active Internet connection. Every time a user opens a Windows animated cursor (ANI) file in Windows Explorer, it accesses the following Web site:

    http://69.50.1{blocked}71.149/5/sl

It then downloads the file NCAL.EXE, which Trend Micro detects as TROJ_DROPPER.EP.


Description created: May. 18, 2005 6:46:08 PM GMT -0800
