TROJ_DROPAD.KAX
Overview

Malware type: Trojan

Aliases: Trojan-Dropper.Win32.Kido.c, Trojan-Dropper.Win32.Kido.b (Kaspersky), W32.Downadup.C (Symantec), TR/Drop.Kido.B (Avira), TrojanDropper:Win32/Conficker.gen!A (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows XP, Server 2003, Vista

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

This Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it drops WORM_DOWNAD.AD, which is capable of propagation.

To get a one-glance comprehensive view of its behavior, refer to the Behavior Diagram shown below.

TROJ_DROPAD.KAX Behavior Diagram

Malware Overview

TROJ_DROPAD.KAX may be downloaded from remote site(s) by other malware. It may be downloaded by WORM_DOWNAD.AD to update itself.

It may also be downloaded unknowingly by a user when visiting malicious Web site(s).

It drops component file(s).

It checks the date and the operating system (OS) version of the affected system. It drops a file detected by Trend Micro as WORM_DOWNAD.AD in a temporary folder and runs it if the following conditions are met:

  • The operating system is Windows XP or above
  • The system date is year 2009 or below, month March or below, and day 19 or below

As a result, the malicious routines of the dropped file are also exhibited on the affected system.

It then deletes the dropped file and itself after execution.


Description created: Mar. 18, 2009 2:53:57 AM GMT -0800
