LNK_DORKBOT.TV
Aliases: Trojan.WinLNK.Runner.bl (Kaspersky), Win32/Dorkbot.D worm (ESET), W32/AutoRun-BQJ (Sophos), Trojan horse BackDoor.Dorkbot.A (AVG)
Platform: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may be dropped by other malware.
TECHNICAL DETAILS
Arrival Details
This Trojan may be dropped by the following malware:
- WORM_DORKBOT family
NOTES:
This file is a component of the WORM_DORKBOT malware family.
It is a shortcut file with a folder icon that uses the following command line to execute its malware component:
%windir%\system32\cmd.exe /c "start %cd%RECYCLER\{random filename}.exe &&%windir%\explorer.exe %cd%{varying folder name}
This command line tries to execute the malware component located at {drive letter}:\RECYCLER\{random filename}.exe.
It then tries to disguise itself as a normal folder by opening a folder with a varying name.
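A triage check for this shortcut pattern, added here as an example and not part of the original entry: it reads the COMMAND_LINE_ARGUMENTS string from a .lnk file and flags the "start ...RECYCLER\{name}.exe && explorer.exe {folder}" shape described above. It assumes the shortcut targets cmd.exe and keeps the rest of the command line in its arguments field; the function names and the sample file name are hypothetical.

```python
import re
import struct

# LinkFlags bits from the Shell Link (.lnk) header
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_BITS = (0x04, 0x08, 0x10, 0x20, 0x40)  # name, relpath, workdir, args, icon
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# /c "start <path>RECYCLER\<name>.exe && <path>explorer.exe <folder>
PATTERN = re.compile(
    r'/c\s+"?\s*start\s+\S*RECYCLER\\[^\\\s"]+\.exe\s*&&\s*\S*explorer\.exe\s+\S',
    re.IGNORECASE)

def lnk_arguments(data: bytes) -> str:
    """Return the arguments string stored in a .lnk file, or '' if none.
    struct.error propagates if the file is truncated."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # end of the fixed-size header
    if flags & HAS_IDLIST:                     # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                   # skip LinkInfo
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit in STRING_BITS:                    # StringData entries, in file order
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        raw = data[pos + 2 : pos + 2 + count * width]
        if bit == HAS_ARGS:
            return raw.decode(codec, "replace")
        pos += 2 + count * width
    return ""

def is_dorkbot_style(command_line: str) -> bool:
    """True if the string launches an .exe from RECYCLER and then opens Explorer."""
    return PATTERN.search(command_line) is not None

def constructed_lnk(args: str) -> bytes:
    """Constructed test fixture: header plus a Unicode arguments string, no target."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

is_dorkbot_style() can also be run on a full process command line taken from endpoint logs, since the pattern does not depend on where the string came from.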