TROJ_ZLOB.CCW - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_ZLOB.CCW

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: Trojan.Win32.DNSChanger.chg (Kaspersky), DR/Dldr.DNSChanger.Gen (Avira), Troj/Zlobar-Fam (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Description:

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_ZLOB.CCW Behavior Diagram

Malware Overview

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s). It may be downloaded from a certain URL by JS_SMALL.QT.

It drops files on the affected system. The dropped files are detected by Trend Micro as the following:

It then executes the dropped file(s). As a result, malicious routines of the dropped file are exhibited on the affected system.

It poses as a video codec installer. As a result, affected users are tricked into thinking that it is a legitimate application.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 9, 2008 6:37:49 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.