TROJ_MDROPPER.ZT - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_MDROPPER.ZT

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		Low

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_MDROPPER.ZT Behavior Diagram

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

This specially-crafted .DOC file exploits an unknown vulnerability in Microsoft Word 2000, 2002, and 2003. Once it has successfully exploited the said vulnerability, this Trojan is able to execute a shell code which in turn runs an embedded malicious file on the affected system. The embedded file may be any of the following:

TROJ_MDROPPER.ZT
TROJ_ENFAL.AA
BKDR_PCCLIEN.AAP
TSPY_KEYLOG.CP
TROJ_PROXY.RI
TROJ_ZLOB.BPM
TROJ_ZLOB.AVY

Routines of the embedded file are thus exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 9, 2008 11:50:08 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.