TROJ_BANLOAD.BGG
Mal/Inject-CEE (Sophos), Downloader (Symantec)
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
TECHNICAL DETAILS
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This Trojan drops the following files:
- %Application Data%\cab00.zip
- %Application Data%\cab01.zip
- %Application Data%\cab02.zip
- %Application Data%\cab03.zip
- %Application Data%\DriverB0B2D6E3drv.cpl
- %Application Data%\mib.bin
- %Application Data%\win.bin
- %User Startup%\GoogleInc8.LNK
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista and 7.. %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.)
Other Details
This Trojan attempts to access the following websites to download files, which are possibly malicious:
- www.{BLOCKED}center.com.br/img/bgg-material.jpg
- www.{BLOCKED}center.com.br/img/bgg-rodape.jpg
- www.{BLOCKED}center.com.br/img/boddy.jpg
- www.{BLOCKED}center.com.br/img/bbody.jpg
- {BLOCKED}.{BLOCKED}.28.131/~portalpt/cont/e/index.php
- {BLOCKED}.{BLOCKED}.23.22/~portalpk/vrs.txt