
TrojanDownloader:BAT/Lnkget.X


First posted on 10 February 2010.
Source: SecurityHome

Aliases:

TrojanDownloader:BAT/Lnkget.X is also known as Trojan-Downloader.Win32.Pif.us (Kaspersky), TR/Dldr.PIF.US (Avira), Pif.Download.based (Dr.Web), Trojan-Downloader.Win32.Pif (Ikarus), Downloader.Kuaiput (Symantec), LNK_DLOADR.SMA (Trend Micro).

Explanation:

TrojanDownloader:BAT/Lnkget.X is a detection for shortcuts which connect to an FTP server and download and execute arbitrary VBScript files.

Installation
TrojanDownloader:BAT/Lnkget.X may be spammed to users through instant messages or e-mail containing a shortcut icon that resembles those of text or image files, such as the following:

Payload
Downloads and executes arbitrary files
When one of these shortcuts is clicked, the trojan contacts a specified FTP server using the provided user name and password and downloads a VBScript file. This file is saved to the Windows directory and then executed. One such FTP server observed in the wild has the address "g03z.com". An example of the file name created from the downloaded script file is "R.vBs".
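The behaviour described above suggests a simple triage check for shortcut files in mail or chat attachments. The following is an added example, not part of the original write-up or of any vendor's detection logic: it confirms the Shell Link header, extracts the ASCII and UTF-16LE strings, and flags a shortcut that both invokes ftp and names a .vbs file, or that names the observed host. The function names, the token heuristic and the sample blobs are assumptions of this example.

```python
import re
import struct

# Shell Link header: HeaderSize (0x4C) followed by the LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

# Host name comes from the description above; the token heuristic is this example's assumption.
KNOWN_HOSTS = ("g03z.com",)
TOKENS = {"ftp": re.compile(r"\bftp\b", re.I), "vbscript": re.compile(r"\.vbs\b", re.I)}


def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE runs found in raw bytes."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return [r.decode("ascii") for r in ascii_runs] + [r.decode("utf-16-le") for r in wide_runs]


def triage_shortcut(data):
    """Return indicator names found in one .lnk file's bytes; [] means not flagged."""
    if not data.startswith(LNK_MAGIC):
        return []  # not a Shell Link file
    text = "\n".join(extract_strings(data))
    found = [name for name, rx in TOKENS.items() if rx.search(text)]
    hosts = ["host:" + h for h in KNOWN_HOSTS if h in text.lower()]
    # Flag a shortcut that both invokes ftp and names a .vbs file, or names a known host.
    if len(found) == len(TOKENS) or hosts:
        return found + hosts
    return []


def constructed_lnk(arguments):
    """Build a non-functional test blob: real header magic, zero padding, UTF-16LE text."""
    return LNK_MAGIC + b"\x00" * 56 + arguments.encode("utf-16-le")


# Constructed samples (not taken from a real file); the command details are elided on purpose.
SUSPICIOUS = constructed_lnk("/c ftp <options elided> g03z.com ; R.vBs")
BENIGN = constructed_lnk(r"C:\Users\Public\Documents\notes.txt")

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage_shortcut(blob))
```

String matching of this kind is a first-pass filter only; a flagged shortcut still needs its target and arguments reviewed with a proper Shell Link parser.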

Analysis by Wei Li

Last update 10 February 2010
