Downloader-AYB
Sunday, 03 September 2006

A downloader serves as a downloading/updating component for other malicious files. Generally, it makes internet connections without the user's knowledge.

Downloader-AYB is installed via a specially crafted Microsoft PowerPoint document that exploited a Microsoft Office vulnerability. This document was heuristically detected as the Exploit-MS06-012 trojan.

Aliases

  • Troj/Small-COA (Sophos)
  • TROJ_SMALL.CMZ (TrendMicro)
  • Trojan-Downloader.Win32.Small.doa (Kaspersky)

Upon execution, the trojan spawns a hidden Internet Explorer (iexplore.exe) process and executes as a thread of this process. It then attempts to download one or more file(s) from the following website(s):

  • www.the(hidden)st.com.tw
  • 61.218.(hidden)

The URLs attempted by Downloader-AYB were unavailable at the time of writing.

Unexpected connections from iexplore.exe to the following website(s):

  • www.the(hidden)st.com.tw
  • 61.218.(hidden)

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.
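
One way to triage the symptom listed above (unexpected connections from iexplore.exe), as an added example that is not part of the original description or of any vendor tooling. The event field names, the set of expected parent processes, the /16 reading of the redacted address and all sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Partial indicators as published above; the "(hidden)" parts are unknown, so
# these matchers are deliberately broad and only suitable for triage.
HOST_RE = re.compile(r"^www\.the.+st\.com\.tw$", re.IGNORECASE)
NET = ipaddress.ip_network("61.218.0.0/16")  # assumption: last two octets redacted
# Assumption: parents that normally start Internet Explorer on a desktop.
EXPECTED_PARENTS = {"explorer.exe", "iexplore.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def matches_indicator(dest):
    """True if dest (IP or hostname) fits one of the partial indicators."""
    try:
        return ipaddress.ip_address(dest) in NET
    except ValueError:  # not an IP literal, treat as hostname
        return bool(HOST_RE.match(dest))

def triage(events):
    """Return (pid, dest, reasons) for iexplore.exe connections to review."""
    parents, findings = {}, []  # parents: pid -> parent image basename
    for ev in events:
        if ev["type"] == "process_create":
            parents[ev["pid"]] = basename(ev["parent_image"])
        elif ev["type"] == "net_connect" and basename(ev["image"]) == "iexplore.exe":
            reasons = []
            parent = parents.get(ev["pid"])
            if parent is not None and parent not in EXPECTED_PARENTS:
                reasons.append("unexpected parent " + parent)
            if matches_indicator(ev["dest"]):
                reasons.append("destination matches partial indicator")
            if reasons:
                findings.append((ev["pid"], ev["dest"], reasons))
    return findings

# Constructed sample events; field names and values are hypothetical.
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE = [
    {"type": "process_create", "pid": 1200, "image": IE, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "net_connect", "pid": 1200, "image": IE, "dest": "www.example.com"},
    {"type": "process_create", "pid": 3344, "image": IE, "parent_image": r"C:\Temp\sample.exe"},
    {"type": "net_connect", "pid": 3344, "image": IE, "dest": "61.218.0.10"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Because the published indicators are partly redacted, a match on destination alone is weak evidence; the parent-process reason is what separates the second sample process from ordinary browsing.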

Additional Windows ME/XP removal considerations

Variants

    N/A