Malware type: Trojan

Aliases: Trojan-Dropper.MSExcel.CVE-2006-3059.a (Kaspersky), Downloader-AWV.dr (McAfee), Trojan.Mdropper.J (Symantec), W97M/Drop.CVE-2006-3059.a (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan arrives as an .XLS file attached to an email message. It may also be downloaded or dropped by another malware.

It takes advantage of a zero-day exploit in Microsoft Excel. Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may pose as a dangerous situation in which a lot of computers may be affected due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.

It is an .XLS file that executes a shell code that when executed, runs an embedded executable file detected by Trend Micro as TROJ_SMALL.AWC. The said Trojan, in turn, downloads and executes a possibly malicious file from a certain URL onto the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 13, 2006 7:17:13 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.