Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Agent.nwk (Kaspersky), TR/Crypt.XPACK.Gen (Avira), Troj/Tibs-UH (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan arrives as attachment to email messages spammed by another malware or a malicious user. It may also be downloaded from remote sites by other malware.

Upon execution, it drops a copy of itself. It then registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating a registry key and entries.

It also accesses several Web sites to download files, which Trend Micro detects as TROJ_AGENT.RH and TROJ_NUWAR.AA. As a result, routines of the downloaded Trojans are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 30, 2008 5:25:19 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.