Content
Downloader-BDB
- Type
- Trojan
- SubType
- Downloader
- Discovery Date
- 07/05/2007
- Length
- 22,528
- Minimum DAT
- 5069 (07/06/2007)
- Updated DAT
- 5075 (07/16/2007)
- Minimum Engine
- 5.1.00
- Description Added
- 07/05/2007
- Description Modified
- 07/05/2007 2:33 PM (PT)
Tab Navigation
Characteristics
This downloader will try to download additional piece of malware from the following websites:http://flusentiere.de/images/[REMOVED]/11.txt
http://www.renatekoch.com/[REMOVED]/441.txt
http://www.berkili-maschinen.de/[REMOVED]/log.txt
http://adolf-seeger.de/rs/[REMOVED]/i.txt
http://thaibaa.org/[REMOVED]/i.txt
http://thaifisherfolk.com/[REMOVED]/i.txt
http://alsiroyal.de/img/[REMOVED]/i.txt
http://ganzheitliche-kurse.de/[REMOVED]/i.txt
http://213.8.195.68/[REMOVED]/t.txt
http://festivalgastronomico.com.br/[REMOVED]/0.txt
The txt files are actually XOR'ed text files with the URLs for the additional softwares to be downloaded.
Symptoms
The computer will try to contact remote websites for additional piece of malwares.The following file may also be found on the system:
C:\WINDOWS\system32\drivers\c656.tx
C:\WINDOWS\system32\olpr.exe
And the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\olpr: "olpr.exe"
Method of Infection
This malware is being distributed by spam email in the german language.An excerpt of the email:
"Wichtig Mit diesem Schreiben erhalten Sie einmalig ein Exemplar von Ihrem personlichen E-TAN Generator ID ."
Attached is an malware with name "E-TAN Software_2.68.zip", which is the downloader itself.
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
Variants
N/A
All Information
Overview -
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.This downloader detection refers to a malware being spammed with Paypal E-TAN subject.
Characteristics
Characteristics -
This downloader will try to download additional piece of malware from the following websites:http://flusentiere.de/images/[REMOVED]/11.txt
http://www.renatekoch.com/[REMOVED]/441.txt
http://www.berkili-maschinen.de/[REMOVED]/log.txt
http://adolf-seeger.de/rs/[REMOVED]/i.txt
http://thaibaa.org/[REMOVED]/i.txt
http://thaifisherfolk.com/[REMOVED]/i.txt
http://alsiroyal.de/img/[REMOVED]/i.txt
http://ganzheitliche-kurse.de/[REMOVED]/i.txt
http://213.8.195.68/[REMOVED]/t.txt
http://festivalgastronomico.com.br/[REMOVED]/0.txt
The txt files are actually XOR'ed text files with the URLs for the additional softwares to be downloaded.
Symptoms
Symptoms -
The computer will try to contact remote websites for additional piece of malwares.The following file may also be found on the system:
C:\WINDOWS\system32\drivers\c656.tx
C:\WINDOWS\system32\olpr.exe
And the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\olpr: "olpr.exe"
Method of Infection
Method of Infection -
This malware is being distributed by spam email in the german language.An excerpt of the email:
"Wichtig Mit diesem Schreiben erhalten Sie einmalig ein Exemplar von Ihrem personlichen E-TAN Generator ID ."
Attached is an malware with name "E-TAN Software_2.68.zip", which is the downloader itself.
Removal -
Removal -
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
