TROJ_ZLOB.BZE
Overview

Malware type: Trojan

Aliases: Trojan-PSW.Win32.WOW.pk (Kaspersky), Generic.eh !! (McAfee), Trojan.Zlob (Symantec), TR/PSW.Wow.PK.1 (Avira), Troj/LdPinch-QA (Sophos), TrojanDownloader:Win32/Zlob (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

For a one-glance view of this malware's behavior, refer to the Behavior Diagram below.

TROJ_ZLOB.BZE Behavior Diagram

Malware Overview

This Trojan usually arrives on a system as a file downloaded by JS_DLOADER.KZQ. That malicious JavaScript is hosted on Web sites related to the Super Bowl event and on several other gaming-related Web sites. The script exploits the VML vulnerability in Windows, which allows it to download and execute this Trojan.

Upon execution, the Trojan drops a file, detected by Trend Micro as TSPY_WOWCRAFT.BL, in the folder from which it was originally executed. As a result, the routines of that spyware may also be exhibited on the affected machine.

It may also download possibly malicious files from a specific URL. This routine puts the affected system at further risk.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 2, 2007 3:44:16 PM GMT -0800
