TROJ_ARTIEF.A
Overview

Malware type: Trojan

Aliases: Downloader-BCG (McAfee), Trojan.Dropper (Symantec), TR/Dldr.ExplorerH.A (Avira), Mal/Packer (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: Medium

Distribution potential: Low

Infection Channel 1: Spammed via email


Description:

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram below.

{TROJ_ARTIEF.A Behavior Diagram}

Malware Overview

This Trojan arrives as an attachment to a spammed email message. The attachment is an RTF document that contains an embedded executable file, which is detected as TROJ_ARTIEF.A. The EXE file is embedded in the RTF file using a PDF icon.

A sample of the spammed email message is found below:

{Sample email message}

Once the main Trojan file is executed, it displays an error message box similar to the one Adobe Acrobat Reader shows when a file is corrupted. The message is meant to trick the user into believing that the Trojan file is a PDF file that did not open properly, while the Trojan continues executing its routines in the background:

{Fake Adobe error message}

It uses Internet Explorer to open an HTML component that is also detected by Trend Micro as TROJ_ARTIEF.A. It then accesses a certain URL to download a possibly malicious file.
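A mail gateway or triage script can flag the delivery method described above, an RTF attachment carrying an embedded executable, by decoding each `\objdata` group and looking for a PE header. The following is an added example, not Trend Micro's detection logic; the function names and the sample document (a constructed OLE "Package" header followed by a bare PE header, with the hypothetical label `report.pdf`) are assumptions.

```python
import re
import struct

# Hex payload of each {\*\objdata ...} group; RTF allows whitespace between digits.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")

def embedded_objects(rtf: bytes):
    """Yield the decoded bytes of every \\objdata group in an RTF document."""
    for m in OBJDATA_RE.finditer(rtf):
        digits = re.sub(rb"\s+", b"", m.group(1))
        if len(digits) % 2:              # drop a dangling half-byte
            digits = digits[:-1]
        yield bytes.fromhex(digits.decode("ascii"))

def find_pe(blob: bytes) -> int:
    """Return the offset of the first MZ header that points at a PE signature, else -1."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                return pos
        pos = blob.find(b"MZ", pos + 1)
    return -1

def scan_rtf(rtf: bytes):
    """Return one finding per embedded object that carries a PE executable."""
    findings = []
    for index, blob in enumerate(embedded_objects(rtf)):
        offset = find_pe(blob)
        if offset != -1:
            findings.append({"object": index, "pe_offset": offset,
                             "is_package": b"Package\x00" in blob[:64]})
    return findings

def constructed_sample() -> bytes:
    """Constructed input, not a real sample: OLE1 'Package' header plus a bare PE header."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    ole = (struct.pack("<III", 0x501, 2, 8) + b"Package\x00"
           + b"\x02\x00report.pdf\x00" + stub)
    return (b"{\\rtf1{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata "
            + ole.hex().encode("ascii") + b"}}}")

if __name__ == "__main__":
    print(scan_rtf(constructed_sample()))
```

The regular expression only handles plain hexadecimal inside `\objdata`; RTF that hides the payload behind nested control words or `\bin` data needs a full parser such as oletools' `rtfobj`.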


Description created: May. 23, 2007 10:19:51 PM GMT -0800
