Author Topic: Downloader-BBS  (Read 6572 times)


Amker

Downloader-BBS
« on: 17. May 2007., 16:04:15 »
Type: Trojan
SubType: Downloader
Discovery Date: 04/23/2007
Length: 4,656 bytes
Minimum DAT: 5015 (04/23/2007)
Updated DAT: 5032 (05/16/2007)
Minimum Engine: 5.1.00
Description Added: 04/23/2007
Description Modified: 05/16/2007

Overview -

Downloader-BBS is a trojan that is delivered via a spammed email message claiming to be a notice from the Italian Police. This downloader is designed to pull a dialer from a website controlled by the malware author.

Aliases

Mal/Clagger-D (Sophos)
Trojan-Downloader.Win32.Zlob.bqy (Kaspersky)
Trojan.DL.Zlob.BZP (VirusBuster)
Trojan.Downloader-6805 (ClamAV)
Trojan.Downloader.Agent.BEJ (BitDefender)
W32/Zlob.AHMS (Norman)
Win32:Nurech-AF (Avast)

Characteristics -



-- Update May 16, 2007 --

A recent spamming intended to download a dialer has been reported. The spammed email message, supposedly from the Italian Police, is sent as follows:

This roughly translates to the Italian Police finding illegal mp3 files on your computer and instructing the user to open the attachment for further details. A victim typically gets infected when the attached executable is run.

Symptoms -

This downloader does not create any auto start registry entry or a copy of itself on disk.
Upon execution it injects itself into the svchost.exe process and downloads its payload under its context.
Attempts to stop the following antivirus service: McShield
Attempts to download further malware from the following URL: http://lookhere1.[Removed].ru/msupdate.exe
The downloaded file is a dialer program and is detected as Dialer-Generic.

Note: As the website being communicated with is normally controlled by the malware author, any files being downloaded can be remotely modified and the behavior of these new binaries altered - possibly with every user infection.

Method of Infection -


This downloader trojan was mass spammed on 16th May 2007.

Removal -


A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info
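
The Symptoms list above describes two behaviours that are weak signals alone but strong together: the McShield service being stopped, and svchost.exe fetching an executable over HTTP. The following Python is an added example, not part of the original post or the vendor description, that correlates the two per host. The event schema, field names, the 600-second window, the assumption that the service stop precedes the download, and all sample events and `example.invalid` URLs are constructed.

```python
from urllib.parse import urlsplit

WINDOW_SECONDS = 600  # assumed: how long after the AV stop a fetch still counts

# Constructed sample events in an assumed normalized schema (not real logs).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "PC-01", "kind": "service_stop", "service": "McShield"},
    {"ts": 130, "host": "PC-01", "kind": "http", "process": "svchost.exe",
     "url": "http://downloads.example.invalid/msupdate.exe"},
    # svchost.exe fetching an executable with no AV stop: not enough on its own
    {"ts": 200, "host": "PC-02", "kind": "http", "process": "svchost.exe",
     "url": "http://updates.example.invalid/patch.exe"},
    # AV stop, but the fetch comes long after the window has closed
    {"ts": 50, "host": "PC-03", "kind": "service_stop", "service": "McShield"},
    {"ts": 5000, "host": "PC-03", "kind": "http", "process": "svchost.exe",
     "url": "http://downloads.example.invalid/msupdate.exe"},
    # AV stop followed by a browser download: different process, ignored
    {"ts": 300, "host": "PC-04", "kind": "service_stop", "service": "mcshield"},
    {"ts": 310, "host": "PC-04", "kind": "http", "process": "iexplore.exe",
     "url": "http://files.example.invalid/setup.exe"},
]


def is_svchost_exe_fetch(ev):
    """True when svchost.exe requests a URL whose path ends in .exe."""
    if ev["kind"] != "http" or ev["process"].lower() != "svchost.exe":
        return False
    return urlsplit(ev["url"]).path.lower().endswith(".exe")


def correlate(events, window=WINDOW_SECONDS):
    """Return (host, url) for each svchost.exe .exe fetch that follows a
    McShield stop on the same host within `window` seconds."""
    last_stop = {}  # host -> timestamp of the most recent McShield stop
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "service_stop":
            if ev["service"].lower() == "mcshield":
                last_stop[ev["host"]] = ev["ts"]
        elif is_svchost_exe_fetch(ev):
            stopped = last_stop.get(ev["host"])
            if stopped is not None and ev["ts"] - stopped <= window:
                alerts.append((ev["host"], ev["url"]))
    return alerts


if __name__ == "__main__":
    for host, url in correlate(SAMPLE_EVENTS):
        print(f"ALERT {host}: AV service stopped, then svchost.exe fetched {url}")
```

Because the post notes that the downloaded file can change with every infection, the check keys on the behaviour pair rather than on the file name or host.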
