
Trojan-Downloader.Win32.Small.cz

Detected Jan 15 2004 08:36 GMT
Released Jan 15 2004 10:29 GMT
Published Jan 15 2004 08:36 GMT

Technical Details

This Trojan program is a downloader, approximately 2KB in size, compressed using UPX. The size of the decompressed file is approximately 13KB.

On 15th January 2004, the program was distributed by email using spamming techniques. The messages have the following hallmarks:

From: do_not_reply@paypal.com

Sent: January 15, 2004 3:08 AM

Subject: PAYPAL.COM NEW YEAR OFFER

** GREAT NEW YEAR OFFER FROM PAYPAL.COM **

Dear PayPal.com Member,

We here at PayPal.com are pleased to announce that we have a special New Year offer for you! If you currently have an account with PayPal then you will be eligible to receive a terrific prize from PayPal.com for the New Year. For a limited time only PayPal is offering to add 10 percent of the total balance in your PayPal account to your account and all you have to do is register yourself within the next five business days with our application (see attachment)!

If at this time you do not have a PayPal account of your own you can also register yourself with our secure application and get this great New Year bonus! If you fill out the secure form we have provided PayPal will create an account for you (it's free) and you will receive a confirmation e-mail that your account has been created.

That's not all! If you resend this letter (with its attachment) to all of your friends you may be eligible to receive another New Year bonus because the 1000 PayPal members that send the most of these to their friends will get the bonus. If you are one of these 1000 lucky members then PayPal will add 17 percent of your total balance to your account!

Registration is simple. Just unpack the attachment with WinZip, run the application, and follow the instructions we have provided. If you have problems opening the application then you may want to try downloading a free version of WinZip from http://www.winzip.com

Do not miss your chance at this fantastic opportunity! Thousands of our current customers have already received their prizes and now it's your turn; so hurry up and take advantage of this special offer!

Best of luck in the New Year,
PayPal.com Team


Attachment: paypal.exe (2KB)

On being run, the Trojan program downloads the Internet worm Mimail.P (the variant compressed by UPX) from the remote Internet site www.aqua-fish.ru. The worm is downloaded to c:\tmp.exe and then executed.
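As an added example (not part of the original description, and not any vendor's detection code), the following Python code triages inbound mail for the attachment traits listed above: an executable attachment that is very small and packed with UPX. The function names, the 4096-byte threshold and the inert header-only sample stub are assumptions made for illustration; UPX packing alone does not prove malice, so the output is a list of triage reasons rather than a verdict.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

SMALL_EXE_BYTES = 4096  # assumed triage threshold; the page cites a ~2KB file

def pe_section_names(data: bytes) -> list:
    """Return PE section names, or [] if data is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    raw = [data[table + 40 * i: table + 40 * i + 8] for i in range(nsect)]
    return [r.rstrip(b"\0").decode("ascii", "replace") for r in raw if len(r) == 8]

def flag_message(raw: bytes) -> list:
    """Return the reasons an inbound message's attachments look suspicious."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if not (name.endswith(".exe") or body[:2] == b"MZ"):
            continue  # not an executable by name or by magic bytes
        reasons.append("executable attachment: " + name)
        if any(s.startswith("UPX") for s in pe_section_names(body)):
            reasons.append("UPX-packed")
        if len(body) <= SMALL_EXE_BYTES:
            reasons.append("downloader-sized")
    return reasons

def build_sample() -> bytes:
    """Constructed message carrying an inert, header-only PE stub (no code)."""
    stub = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    stub += b"UPX0".ljust(40, b"\0") + b"UPX1".ljust(40, b"\0")
    m = EmailMessage()
    m["From"], m["Subject"] = "do_not_reply@paypal.com", "PAYPAL.COM NEW YEAR OFFER"
    m.set_content("constructed body")
    m.add_attachment(bytes(stub), maintype="application",
                     subtype="octet-stream", filename="paypal.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(flag_message(build_sample()))
```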


Trojan-Downloader

Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.

Information about the names and locations of the programs to be downloaded is either contained in the Trojan code or downloaded by the Trojan from an Internet resource (usually a web page).

This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.


Aliases

Trojan-Downloader.Win32.Small.cz (Kaspersky Lab) is also known as:

  • TrojanDownloader.Win32.Small.cz (Kaspersky Lab)
  • Trojan: Downloader-GN (McAfee)
  • Troj/Mmdload-A (Sophos)
  • Trojan.Dropper.Mimail.P (ClamAV)
  • Trj/Downloader.gen (Panda)
  • W32/Mimail.N@dl (FPROT)
  • TrojanDownloader:Win32/PPapp (MS(OneCare))
  • Trojan.DownLoader.3616 (DrWeb)
  • Win32/TrojanDownloader.Small.CZ trojan (Nod32)
  • Generic.Malware.dld!!.F857489A (BitDef7)
  • Win32:Mimndown@UPX [Trj] (AVAST)
  • Trojan-Downloader.Win32.Small (Ikarus)
  • Downloader.Small.FB (AVG)
  • WORM/MiMail.N.DL.1 (AVIRA)
  • Downloader.Mimail.B (NAV)
  • W32/DLoader.O (Norman)
  • Downloader-GN (NAI)
  • TROJ_DOWNLDSM.CZ (PCCIL)
  • Trojan.DL.Small.lb (Rising)
  • Mal_DLDER (TrendMicro)