Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
Trend Micro has received reports about this malware being spammed in the wild.
This Trojan arrives on a system either downloaded from the Internet or dropped by other malware. It may also arrive as an attachment to a spammed email message.
When executed, it waits for an active Internet connection and accesses the Web site http://www.eden{BLOCKED}et/flash/menu10.swf to download and execute a malicious file, which is saved as KERNEL32.EXE in the root folder (usually C:\). Trend Micro detects this file as TSPY_GOLDUN.FM. As a result, the routines of the downloaded spyware may also be exhibited on the affected machine.
It also downloads a non-malicious file from the legitimate Web site http://update.microsoft.com.
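A defender-side triage check for the two artifacts described above (an executable fetched from a URL ending in .swf, and KERNEL32.EXE written to the drive root), as an added example that is not part of the original Trend Micro description. The event format, function names, and sample hosts are constructed assumptions, and the file-name check generalizes from KERNEL32.EXE to a small illustrative list of system DLL names.

```python
import ntpath
from urllib.parse import urlsplit

PE_MAGIC = b"MZ"  # first two bytes of a Windows executable; real Flash starts FWS/CWS/ZWS

# Illustrative list (assumption): core DLL names an .EXE has no reason to borrow.
SYSTEM_DLL_STEMS = {"kernel32", "user32", "ntdll", "advapi32"}

def swf_url_serves_executable(url, body_prefix):
    """True when a URL whose path ends in .swf returned a PE file instead of Flash."""
    path = urlsplit(url).path.lower()
    return path.endswith(".swf") and body_prefix.startswith(PE_MAGIC)

def is_masquerading_root_exe(win_path):
    """True for <drive>:\\<system-dll-name>.exe, for example C:\\KERNEL32.EXE."""
    drive, rest = ntpath.splitdrive(win_path)
    folder, name = ntpath.split(rest)
    stem, ext = ntpath.splitext(name)
    at_root = bool(drive) and folder in ("\\", "/")
    return at_root and ext.lower() == ".exe" and stem.lower() in SYSTEM_DLL_STEMS

def triage(events):
    """Return (rule, artifact) pairs for events matching either behavior."""
    findings = []
    for ev in events:
        if ev["type"] == "http" and swf_url_serves_executable(ev["url"], ev["body_prefix"]):
            findings.append(("swf-url-returned-pe", ev["url"]))
        elif ev["type"] == "file_create" and is_masquerading_root_exe(ev["path"]):
            findings.append(("system-dll-name-exe-at-root", ev["path"]))
    return findings

# Constructed sample events (hypothetical proxy and file-creation telemetry).
SAMPLE_EVENTS = [
    {"type": "http", "url": "http://cdn.example.test/banner.swf",
     "body_prefix": b"CWS\x09"},                       # genuine compressed Flash
    {"type": "http", "url": "http://downloads.example.test/flash/menu10.swf",
     "body_prefix": b"MZ\x90\x00"},                    # executable behind a .swf name
    {"type": "file_create", "path": "C:\\Windows\\System32\\kernel32.dll"},
    {"type": "file_create", "path": "C:\\KERNEL32.EXE"},
]

if __name__ == "__main__":
    for rule, artifact in triage(SAMPLE_EVENTS):
        print(rule, artifact)
```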
Description created: Aug. 29, 2006 6:01:38 PM GMT -0800