Home / malware Tiny.D
First posted on 01 March 2007.
Source: SecurityHomeAliases :
Tiny.D is also known as Trojan.Win32.Tiny.d, W32/Spamta.MT.worm, Win32/Tiny.D, TR/Tiny.D, Trojan.PWS.Gadu.I.
Explanation :
Tiny.D, a variant of the Tiny family, has a very small amount of virus code. This variant of Tiny shows an annoying message that is triggered by certain conditions.
- %sysdir%winalert.exe
As a part of Tiny.D's installation routine it adds the following registry entry to enable its automatic execution upon Windows boot up:
- HKLMSoftwareMicrosoftWindowsCurrentVersionRun
"Windows Update Notifier" = "%sysdir%winalert.exe"
Tiny.D checks for the following mutex to ensure that only one instance of itself is running in memory:
- "[Critical_Alert]"
Payload
If any of the following conditions is fulfilled a message will be pop up:
- Day is greater than 20
- Month is not November
- Year is not 2006
Here is the screenshot of the message:
Tiny.D will continually check for the said condition every 10 seconds. But once a message as been shown it will pause for 1 hour before resuming its checking.
Tiny.D is encrypted using xor with 0x8C as its key.
Last update 01 March 2007