Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This Trojan arrives as attachment to email messages spammed via email by another malware or a malicious user.
It may also arrive bundled with malware packages as a malware component.
It may also be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, it connects to a certain URL to download and display an image. It does the said action to trick users into thinking that they are viewing an image related to a certain news item.
It accesses Web sites to download files. It then executes the downloaded files. One of its downloaded files is detected by Trend Micro as TSPY_BANKER.HHW, which steals critical information.
It terminates certain processes, which are related to antivirus and security applications, if found running in memory. By terminating the said processes, this Trojan avoids easy detection and consequent removal from the affected system. It also disables the affected system's firewall, thereby opening the affected system to further attacks.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 19, 2007 7:13:31 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
