TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_MDROPPER.BI
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Dropper.MSExcel.CVE-2006-3059.c (Kaspersky), Exploit-OleModule !! (McAfee), Trojan.Dropper (Symantec), BDS/Small.KY.2 (Avira), Exploit:Win32/Controlexcel.C (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Infection Channel 1 : Spammed via email

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_MDROPPER.BI Behavior Diagram

Malware Overview

This Trojan arrives on a system either downloaded from the Internet or dropped by other malware. It may also arrive as an attachment to a spammed email message.

When executed, it exploits a vulnerability in MS Office 2000 and MS Office XP wherein a specially crafted .XLS file can cause the application to drop and execute an embedded .EXE file on the affected system. More information about the said vulnerability may be found on the following Microsoft Web page:

Once it successfully exploits the mentioned vulnerability, this Trojan executes a shell code which, in turn, runs an embedded .EXE file. This .EXE file is detected by Trend Micro as BKDR_AGENT.DNX.

As a result, the routines of the dropped malware may also be exhibited on the affected machine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 11, 2006 11:26:00 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.