Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This Trojan may be dropped or downloaded by other malware.
It arrives as a specially crafted .DOC, .WRI, or .RTF file that exploits a known vulnerability in Microsoft WordPad. This vulnerability may cause the application to crash and may also allow a remote malicious user to take control of an affected system when a user views the file.
More details on the said vulnerability can be found here:
It checks whether it is being executed in a VMware environment. If it is, it does not continue to exploit the affected system.
Once the exploit succeeds, it drops a malicious file on the affected system, which is detected as BKDR_AGENT.VBI. As a result, the malicious routines of the dropped file are exhibited on the affected system.
If executed in a VMware environment, it creates the above-mentioned file but does not write anything to it.
It then creates a non-malicious document file in the %User Temp% folder. It also overwrites its code with the said non-malicious document to trick users into thinking that they executed a normal document file.
Description created: Dec. 11, 2008 2:59:36 PM GMT -0800