JS_MORPHEUS.VTG
October 09, 2012
PLATFORM:
Windows 2000, WindowsXP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages. It executes when a user accesses certain websites where it is hosted.
TECHNICAL DETAILS
File Size:
1,090 bytes
File Type:
JS
Initial Samples Received Date:
13 Apr 2012
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It arrives as a component bundled with malware/grayware packages.
It executes when a user accesses certain websites where it is hosted.
Download Routine
This Trojan connects to the following URL(s) to download its component file(s):
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/key.tt - saved as C:/Documents and Settings/administrator/msn/inf.tt
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/mailer.js - saved as C:/Documents and Settings/administrator/msn/mailer.tpl
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/mailpv.js - saved as C:/Documents and Settings/administrator/msn/mailpv.tt
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/key.tt - saved as C:/Documents and Settings/administrator/msn/m2011.tt
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/morph.jpg - saved as C:/Documents and Settings/administrator/msn/M0rPheU$_Esta_Aqui.jpg
- http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/MA.tt - saved as C:/Documents and Settings/administrator/msn/Mejores Amigos.zip