TROJ_ARTIEF.CV

 Analysis by: kathleenno

 ALIASES:

Bloodhound.Exploit.366 (Symantec); Exploit-CVE2010-3333 (McAfee)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes the dropped file(s). As a result, the malicious routines of the dropped files run on the affected system.

  TECHNICAL DETAILS

File Size: 82,684 bytes

File Type: RTF

Memory Resident: Yes

Initial Samples Received Date: 05 May 2011

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Dropping Routine

This Trojan exploits the following software vulnerability to drop malicious files:

  • Microsoft Security Bulletin MS10-087

It executes the dropped file(s). As a result, the malicious routines of the dropped files run on the affected system.

Other Details

More information on this vulnerability can be found below:

NOTES:
Once this Trojan successfully exploits this vulnerability, it attempts to drop and execute the following malicious file:

  • %Current%\server.exe - detected as TROJ_DROPPR.DC