Description:
This Trojan may be downloaded from a remote site. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this Trojan drops several component files, some of which Trend Micro detects as BKDR_SMALL.EKS, and then executes them, so the malicious routines of the dropped files run on the affected system. It then registers itself as a system service so that it runs automatically at every system startup.
It adds a reference to a non-existent file to the Layered Service Provider (LSP) chain by modifying a registry entry. It deletes itself after execution.
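A defender can audit for the broken LSP chain entry described above by checking that every Winsock catalog entry points to a provider file that exists. The following is an added example, not part of the original description; it assumes the standard Winsock catalog key (the page does not name the modified registry entry) and that each `PackedCatalogItem` value begins with the provider path in a 260-byte buffer, and its sample data is constructed.

```python
import os
import re
import sys

# Standard Winsock provider catalog location on Windows (the page does not name the key).
CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")
PATH_FIELD_LEN = 260  # assumption: provider DLL path sits in a leading MAX_PATH buffer

def provider_path(packed_item, env):
    """Extract the provider DLL path from a PackedCatalogItem blob and expand %VARS%."""
    raw = packed_item[:PATH_FIELD_LEN].split(b"\x00", 1)[0].decode("latin-1")
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), raw)

def find_broken_entries(entries, env, exists=os.path.isfile):
    """Return (entry name, path) for catalog entries whose provider file is missing."""
    broken = []
    for name in sorted(entries):
        path = provider_path(entries[name], env)
        if not path or not exists(path):
            broken.append((name, path))
    return broken

def read_catalog():
    """Read every PackedCatalogItem from the live registry (Windows only)."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, name) as sub:
                entries[name] = winreg.QueryValueEx(sub, "PackedCatalogItem")[0]
    return entries

def _packed(path):
    """Build a constructed blob: path buffer plus zero filler for the rest."""
    return path.encode("latin-1").ljust(PATH_FIELD_LEN, b"\x00") + b"\x00" * 64

# Constructed sample catalog; example_missing.dll is a made-up file name.
SAMPLE = {
    "000000000001": _packed(r"%SystemRoot%\system32\mswsock.dll"),
    "000000000002": _packed(r"%SystemRoot%\system32\example_missing.dll"),
}

if __name__ == "__main__":
    live = sys.platform == "win32"
    env = {k.lower(): v for k, v in os.environ.items()} if live else {"systemroot": r"C:\Windows"}
    for name, path in find_broken_entries(read_catalog() if live else SAMPLE, env):
        print(f"catalog entry {name}: provider file not found: {path}")
```

On 64-bit Windows the same check applies to the `Catalog_Entries64` subkey next to `Catalog_Entries`.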
It connects to URLs to download malicious files detected by Trend Micro as follows:
- TROJ_PROSCKS.AG
- TROJ_PROSCKS.AF
- TROJ_GAMETHIE.EU
- TROJ_DLOADER.AAAG
- TROJ_PROSCKS.AC
- DIAL_CBHQ
- TSPY_ONLINEG.RMH
- TSPY_GAMPASS.EU
It saves the downloaded files in the Windows system folder and then executes them, so the malicious routines of the downloaded files run on the affected system.
Description created: Aug. 8, 2008 1:27:03 PM GMT -0800