Ilomo.a

This page shows details and results of our analysis on the malware Ilomo.a

Download Current DAT: 6609

Threat Detail

Malware Type: Trojan

Malware Sub-type: Win32

Discovery Date: 2009-06-05

Next Steps:

Overview
Characteristics
Symptoms
Removal

Overview

-- Update July 31, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.eweek.com/c/a/Security/Researcher-Unmasks-Sneaky-Clampi-Trojan-at-Black-Hat-337302/?kc=rss

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted, or may use other tools to assist in spreading. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Minimum DAT

5637 (2009-06-05)

Updated DAT

5761 (2009-10-04)

Minimum Engine

5.2.00

File Length

Varies

Description Added

2009-06-05

Description Modified

2009-07-31

Malware Proliferation

Characteristics

Please refer to our Ilomo description for further details of this Trojan

Symptoms

A running iexplore.exe process from the logged on account with no visual interface.

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).