Malware Overview:
This Trojan may arrive on a system as a file attached to a spammed email message, dropped by other malware, or downloaded by an unsuspecting user when visiting malicious Web sites. When executed, this specially crafted .DOC file exploits an undetermined vulnerability in Microsoft Word to execute shellcode, which in turn executes an embedded .EXE file detected by Trend Micro as BKDR_PCCLIENT.PX. As a result, the routines of the related malware are exhibited on the affected machine. Trend Micro is conducting an in-depth analysis of this malware to determine the vulnerability it exploits. More information will be posted shortly.
Solution:
Note: Before proceeding with the succeeding solution sets, please close all instances of Microsoft Word.

Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers. Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution. Scan your computer with Trend Micro antivirus and delete files detected as TROJ_MDROPPER.BO and BKDR_PCCLIENT.PX. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.

Applying Patch
This malware exploits an undetermined vulnerability in Microsoft Word. Download and install the fix patch supplied by Microsoft as soon as the said vulnerability is determined. Refrain from using this product until the appropriate patch has been installed. Trend Micro advises users to download critical patches upon release by vendors.

Details:
It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
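As an added illustration (not Trend Micro's code or detection logic), the following triage check flags an OLE-format .DOC that contains an unencoded PE image, the kind of embedded .EXE described above. It assumes the executable is stored in the clear, which this advisory does not state; the function names and sample bytes are constructed for the example.

```python
import struct

# OLE2 compound file signature used by Word 97-2003 .DOC files
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def is_ole_doc(data: bytes) -> bool:
    return data.startswith(OLE_MAGIC)

def find_embedded_pe(data: bytes) -> list:
    """Return the offset of every plaintext PE image found inside data."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # e_lfanew (offset of the PE header) is a little-endian DWORD at MZ+0x3C
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # 0x40..0x1000 is a heuristic sanity bound, not a format rule
            if 0x40 <= e_lfanew <= 0x1000 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data: bytes) -> dict:
    """Flag a .DOC for analysis when it carries a recognizable PE image."""
    ole = is_ole_doc(data)
    pe = find_embedded_pe(data) if ole else []
    return {"ole_doc": ole, "pe_offsets": pe, "suspicious": bool(pe)}

def _fake_pe() -> bytes:
    # Constructed stub: DOS header pointing at a PE signature at +0x80
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    return dos + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 20

# Constructed samples, not real malware or real documents
CONSTRUCTED_DROPPER = OLE_MAGIC + b"\0" * 504 + _fake_pe()
CONSTRUCTED_CLEAN = OLE_MAGIC + b"\0" * 504 + b"Memo from MZ Corp " + b"\0" * 128

if __name__ == "__main__":
    for name, blob in (("dropper", CONSTRUCTED_DROPPER), ("clean", CONSTRUCTED_CLEAN)):
        print(name, triage(blob))
```

A clean result does not clear the file: an encoded or compressed payload will not match, so this check complements, and does not replace, the antivirus scan in the solution steps.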
Analysis By: Jocelyn D. Racoma