Exploit-1Table

Type: Trojan
SubType: Exploit
Discovery Date: 09/22/2004
Length: Varies
Minimum DAT: 4391 (09/15/2004)
Updated DAT: 5124 (09/20/2007)
Minimum Engine: 5.1.00
Description Added: 09/15/2004
Description Modified: 03/05/2007 4:09 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This is a generic detection for malware that exploits the vulnerability addressed in MS03-050 (CAN-2003-0820).

The vulnerability is a bug in the Microsoft Word/Works/Excel macro processing code, which does not properly enforce length constraints on macro names. Specially crafted Word documents can therefore run arbitrary code with the current user's permissions, regardless of the macro security restrictions.

The specific actions performed by the malware depend on the variant. Due to the heuristic nature of this detection, exploits targeting newer MS Office vulnerabilities may also be detected as variants of Exploit-1Table.

Affected platforms are:

  • Microsoft Excel 97
  • Microsoft Excel 2000
  • Microsoft Excel 2002
  • Microsoft Word 97
  • Microsoft Word 98(J)
  • Microsoft Word 2000
  • Microsoft Word 2002
  • Microsoft Works Suite 2001
  • Microsoft Works Suite 2002
  • Microsoft Works Suite 2003
  • Microsoft Works Suite 2004

Symptoms

Varies depending on the variant

Method of Infection

Varies

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • TROJ_MDROPPER.BS (TrendMicro)
  • Trojan.Mdropper.O (Symantec)
