Analysis by: Christopher Daniel So
 PLATFORM:

Windows 2000, XP, Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  TECHNICAL DETAILS

File Size: Varies
File Type: WMF
Memory Resident: No
Initial Samples Received Date: 10 Sep 2010
Payload: Connects to URLs/Ips

Adware Routine

This Trojan connects to the following URLs to download and display ads:

  • http://www.{BLOCKED}r.net/?t=3&embedded=false
  • http://www.{BLOCKED}you.com/exit/movies1.html?embedded=false
  • http://{BLOCKED}vie-downloading.com/
  • http://{BLOCKED}ixhost.biz/rd/redir.php?kw=mp3&embedded=false