TROJ_ARTIEF.CV
Bloodhound.Exploit.366 (Symantec); Exploit-CVE2010-3333 (Mcafee)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Dropping Routine
This Trojan takes advantage of the following software vulnerabilities to drop malicious files:
- Microsoft Security Bulletin MS10-087
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
Other Details
More information on this vulnerability can be found below:
NOTES:
Once this Trojan successfully exploits the said vulnerability, it attempts to drop and execute the following malicious file:
- %Current%\server.exe - detected as TROJ_DROPPR.DC