Download.Fullalc
Thursday, 30 March 2006
Posted by: Admin on Monday, March 27, 2006 - 11:25 AM

Download.Fullalc is a Trojan horse that downloads and executes a remote file, which is a copy of the Trojan Keylogger.Stranget.B.

Type: Trojan Horse

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Damage

Payload Trigger: n/a
Payload: Downloads and executes a remote file.
Large scale e-mailing: n/a
Deletes files: n/a
Modifies files: n/a
Degrades performance: n/a
Causes system instability: n/a
Releases confidential info: n/a
Compromises security settings: n/a

Distribution

Subject of email: n/a
Name of attachment: n/a
Size of attachment: n/a
Time stamp of attachment: n/a
Ports: n/a
Shared drives: n/a
Target of infection: n/a


Download.Fullalc may be downloaded to the compromised computer when a user visits a Web site that is hosting a malformed HTML page. It is reported that the Trojan is installed on the compromised computer by exploiting the Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability (BID 17196).

The Trojan may be downloaded as the file ca.exe when a user visits one of the following Web sites:




Once the Trojan is executed, it performs the following actions:

Downloads and executes the file calc.exe from a predetermined Web site.


It is reported that calc.exe is a copy of another Trojan, Keylogger.Stranget.B.
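For hunting the two-stage download described above in web proxy logs, the following is an added example, not part of the original write-up. The log format, client addresses, `.example` hosts, and the 10-minute window are assumptions; only the file names ca.exe and calc.exe come from the description.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, unquote
import posixpath

# File names from the write-up: the Trojan arrives as ca.exe, then fetches calc.exe.
STAGE1, STAGE2 = "ca.exe", "calc.exe"

# Constructed sample proxy log (assumed format: ISO time, client, method, URL, status).
# Hosts use the reserved .example TLD and are placeholders.
SAMPLE_LOG = """\
2006-03-27T10:01:02 10.0.0.5 GET http://site-a.example/index.html 200
2006-03-27T10:01:04 10.0.0.5 GET http://site-a.example/img/CA.EXE?x=1 200
2006-03-27T10:01:30 10.0.0.5 GET http://site-b.example/files/calc.exe 200
2006-03-27T10:05:00 10.0.0.9 GET http://site-c.example/tools/calc.exe 200
2006-03-27T11:00:00 10.0.0.7 GET http://site-a.example/ca.exe 200
2006-03-27T13:30:00 10.0.0.7 GET http://site-b.example/calc%2Eexe 200
2006-03-27T14:00:00 10.0.0.8 GET http://site-a.example/ca.exe 404
"""

def parse(line):
    """Return (time, client, file name, status), or None for unusable lines."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "GET":
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    path = unquote(urlsplit(parts[3]).path)  # drop query string, decode %xx
    return when, parts[1], posixpath.basename(path).lower(), parts[4]

def find_download_chains(log_text, window=timedelta(minutes=10)):
    """Clients that fetched ca.exe and then calc.exe within `window`."""
    last_stage1 = {}  # client -> time of most recent successful ca.exe fetch
    hits = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        when, client, name, status = rec
        if status != "200":
            continue  # a failed fetch did not deliver the file
        if name == STAGE1:
            last_stage1[client] = when
        elif name == STAGE2 and client in last_stage1:
            if timedelta(0) <= when - last_stage1[client] <= window:
                hits.append((client, last_stage1[client], when))
    return hits

if __name__ == "__main__":
    for client, t1, t2 in find_download_chains(SAMPLE_LOG):
        print(f"{client}: {STAGE1} at {t1}, {STAGE2} at {t2}")
```

calc.exe is also the name of the Windows Calculator, so the file name alone is a weak indicator; the example flags only the ca.exe-then-calc.exe sequence from the same client.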
 