TROJ_SMALL.KS - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_SMALL.KS

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: Trojan.Win32.Small.xh (Kaspersky), Trojan.Flush.G (Symantec), TR/Crypt.U.Gen (Avira), Mal/HckPk-A (Sophos), VirTool:Win32/Obfuscator.S (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Description:

This Trojan attempts to download files from URLs as indicated:

http://vxi{BLOCKED}ame.biz/adverts/progs/PROXY.EXE
http://vxi{BLOCKED}ame.biz/adverts/progs/SEARCH.EXE
http://vxi{BLOCKED}ame.biz/adverts/progs/TIBS.EXE
http://vxi{BLOCKED}ame.biz/adverts/progs/TOOL.EXE
http://vxi{BLOCKED}ame.biz/adverts/progs/WINLOGON.EXE

Note that the downloaded files may vary any time.

The said files, which are detected by Trend Micro as the following, are saved using different file names in various locations:

BKDR_DUMADOR.N
TROJ_AGENT.PL
TROJ_CLICKER.CB
TROJ_DLOADER.BK
TROJ_DLOADER.JQ
TROJ_DLOADER.KA
TROJ_SPYWAD.B
TROJ_STARTPAG.J

This Trojan modifies the HOSTS file to prevent access to a list of sites.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 30, 2005 11:38:30 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.