TROJ_MDROPPER.WI
Overview

Malware type: Trojan

Aliases: Trojan-Dropper.MSWord.1Table.ei (Kaspersky), Exploit-1Table.a (McAfee), Trojan.Mdropper (Symantec), TR/Crypt.XPACK.Gen (Avira), Exp/1Table-B (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003, Vista

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Infection Channel 1: Spammed via email


Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

TROJ_MDROPPER.WI Behavior Diagram

Malware Overview

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user.

It takes advantage of a vulnerability described in MS07-014 (Vulnerabilities in Microsoft Word could allow remote code execution), wherein a specially crafted document can cause the application to execute an embedded file.

Once it successfully exploits the unknown vulnerability, it is able to execute shellcode which, in turn, allows it to drop and run an embedded .EXE file on the affected system. The dropped file is detected by Trend Micro as BKDR_RILER.AI. As a result, routines of that backdoor may be exhibited on the affected system.


Description created: Sep. 28, 2007 8:18:59 PM GMT -0800
