English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Dropper.MSWord.Agent.bg

Trojan-Dropper.MSWord.Agent.bg

Detected Jan 23 2008 19:07 GMT
Released Jan 23 2008 22:22 GMT
Published Feb 08 2008 15:28 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. +This program is an MS Word document (a DOC file). It is 128381 bytes in size. It is not packed in any way.


Payload

The Trojan exploits a buffer overrun vulnerability in Microsoft Word (MS06-027) which allows a remote malicious user to launch code on the victim machine.

The executable file is placed in the body of the document. When a document is opening in Microsoft Word, the embedded file will be launched for execution by using the buffer overrun vulnerability.

This file is 58880 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-Dropper.Win32.Small.bdx.


Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Install updates for Microsoft Word:
    http://www.microsoft.com/technet/security/bulletin/ms06-027.mspx
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).


Print
Bookmark and Share
Share
Trojans
Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.

This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).

Such programs are used by hackers to:

  • secretly install Trojan programs and/or viruses
  • protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.

Aliases

Trojan-Dropper.MSWord.Agent.bg (Kaspersky Lab) is also known as:

  • Exploit:Win32/Slippto.gen (MS(OneCare))
  • a variant of W97M/TrojanDropper.Agent trojan (Nod32)
  • Exploit.PPT.Gen (BitDef7)
  • MPPT97:CVE-2006-0009 [Expl] (AVAST)
  • Trojan-Dropper.MSPPoint.Agent.f (Ikarus)
  • Exploit (AVG)
  • EXP/PPT.Dropper.Gen (AVIRA)
  • Trojan.PPDropper (NAV)
  • ShellCode.B (Norman)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search