|Detected||Mar 22 2006 10:02 GMT|
|Released||Mar 22 2006 10:02 GMT|
|Published||Aug 03 2006 10:15 GMT|
This Trojan downloads files via the Internet without the user’s knowledge or consent.
It is a Windows PE EXE file. It is not packed in any way. The file is 3,584 bytes in size.
Once launched, the Trojan waits for the victim machine to connect to the Internet. It then attempts to download a file from http://**.249.23.82/ntraf12.dat. This file is saved to the Windows temporary directory as "msdoc.exe":
At the moment of writing, this link was not working.
The downloaded file is then launched for execution.
The Trojan also sends HTTP requests to a range of URLs. These requests contain the victim machine’s unique identifier.
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.