Description:
Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here. |
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This memory-resident Trojan arrives on a system as a dropped file of other malware or as a file downloaded unknowingly by a user when visiting malicious Web site(s). It may also arrive as a spammed email message.
The said spam message targets high-ranking company officials. The message contains fake subpoena information, including a link to a document file that requires recipients to download as a purported reference.
This Trojan uses the following Adobe PDF file icon to trick users into thinking that it is a PDF file:
When executed, it displays the following fake notification message:
It modifies the system's registry to enable its automatic execution. It does this by creating certain keys and entries, and by registering itself as a Browser Helper Object (BHO).
This Trojan drops a .DLL component file that Trend Micro also detects as TROJ_AGENT.AMAL.
It opens a hidden Internet Explorer (IE) window in an attempt to connect to a malicious URL. Once a connection is established, it then directs users to another site to download and execute a file, which Trend Micro detects as TROJ_DROPPER.LOZ. As a result, routines of the downloaded Trojan are also exhibited on the affected system.
It also steals information by logging keystrokes. It may also delete files found in certain folders.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 15, 2008 6:50:25 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
