TROJ_DROPPER.CNH - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_DROPPER.CNH

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: Trojan-Dropper.Win32.Agent.btc (Kaspersky), Trojan.Dropper (Symantec), TR/Drop.Agent.btc.1 (Avira), TrojanDropper:Win32/Malf.gen (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		Low

Infection Channel 1 : Spammed via email

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_DROPPER.CNH Behavior Diagram

Malware Overview

This Trojan may arrive on an affected system downloaded from certain Web sites. It may also arrive via spammed email messages that contain links where this Trojan can be downloaded.

The email messages have a certain subject line and a message body purportedly coming from Trend Micro.

Once the said links are clicked, the user is then redirected to a spoofed Trend Micro Web site, where a copy of this Trojan can be downloaded.

Below is a sample of the spoofed Web page:

TROJ_DROPPER.CNH icon

Upon execution, it launches an installer of the Trend Micro Anti-Spyware product. At the same time, it drops a certain file in the current user�s Temporary folder. The said file is detected by Trend Micro as TSPY_AGENT.YZR.

It then executes the dropped file. As a result, malicious routines of the downloaded files are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 4, 2007 2:00:02 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.