|
Wednesday, 08 November 2006 |
|
The trojan is mass-spammed and uses an old vunerability - MS01-034 - to auto-run a contained macro to drop and execute PWS-LDPinch trojan on the victim machine.
The filename of this variant is typically:
McAfee Inc. Reports.doc
Symptoms:Presence of the following files dropped on C:\ drive: LS060E5.exe [27,648 bytes]Method of Infection Executing the MS Word Document when MS Word's macro security is set to low or medium and the user accepts to enable macros, will drop and execute the PWS-LDPinch trojan. Removal: AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
|
