Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Small.dqz (Kaspersky), Downloader-ZL (McAfee), Downloader (Symantec), TR/Dldr.Small.dqz.51 (Avira), Mal/Packer (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan usually arrives as a file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites. It may also arrive as an attachment to spammed email messages.

It arrives as the file DC{Random numbers} (WITHOUT COMMENTS).ZIP. The said archive contains this malware's copy named as DC{Random numbers} (WITHOUT COMMENTS).JPG{Several underscores}.EXE. For example:

DC007 (Without comments).JPG_______________________________
_______________________________.exe

Note that it uses the file naming convention of digital cameras to lure users into opening the attachment. It further attempts to appear legitimate by using an icon closely resembling that used by JPEG files.

Upon execution, it connects to the URL, http://www.{BLOCKED}en21.net/images/l_border14.jpg to download a file detected by Trend Micro as TSPY_BZUB.HN.

As a result, routines of the downloaded spyware are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 29, 2007 11:43:39 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.