Overview
Downloader establishes Internet connection without user's knowledge and downloads malicious contents
in to the user's system.
|
Minimum DAT
4826 (2006-08-10) Updated DAT5269 (2008-04-08) |
Minimum Engine
5.1.00 File LengthN/A |
Description Added
2006-08-10 Description Modified2006-09-29 |
Malware Proliferation
Characteristics
Downloaders are designed to pull files from a remote website and execute the files that have been downloaded.
Upon execution, this trojan installs Internet Explorer Toolbar and changes default html editor.
System Changes
Files Added
- c:\documents and settings\%USER%\local settings\temp\an85.com
- c:\documents and settings\%USER%\local settings\temporary
internet files\content.ie5\ktx34vgq\7b[1].exe ( 91408 bytes )
This trojan also queries DNS servers in the Internet to check if the infected machine is connected to the Internet.
- sa.windows.com
- lala.dashow.com.cn
Symptoms
The applications creates the following network connection(s):
- IEXPLORE.EXE server:network server address port:80
- IEXPLORE.EXE server:127.0.0.1 port:1084
Method of Infection
N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.
Many of these additionally are mass spammed by the author to entice people into double-clicking on them.
Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction.
Removal
All Users:
Use specified engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants