WORM_REALOR.A
Overview

Malware type: Worm

Aliases: Trojan-Dropper.Win32.Delf.abp (Kaspersky), W32/Realor.worm (McAfee), Trojan.Realor (Symantec), DR/Delphi.Gen (Avira), Troj/Delf-DWI (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Medium

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram.

WORM_REALOR.A Behavior Diagram

Malware Overview

This worm employs a unique way of affecting systems. Upon execution, it searches for Real Media Player (.RM, .RMVB) files on all physical drives, including floppy drives. It then inserts a URL into each target file it finds, enabling the file to load a Web page where a malicious JavaScript is hosted.

Once that Web page is accessed, the JavaScript, detected by Trend Micro as JS_DLOADER.HHZ, accesses another Web page to download a file, quite possibly a copy of this worm. However, that Web site is inaccessible as of this writing.

This worm may arrive as a file downloaded from the Internet.


Description created: Nov. 16, 2006 3:15:39 AM GMT -0800
