Infection Channel: Via email, Downloaded from the Internet
This Trojan exploits CVE-2012-1535, an Adobe vulnerability that was already patched before the release of this Trojan.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be downloaded by other malware/grayware/spyware from remote sites. It may be manually installed by a user.
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
File size: 298,496 bytes
File type: DOC
Initial samples received date: 15 Aug 2012
Payload: Drops files
Arrival Details
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
It may be downloaded by other malware/grayware/spyware from remote sites.
It may be manually installed by a user.
Installation
This Trojan drops and executes the following files:
- %User Profile%\Local Settings\~WORDL.tmp - detected as BKDR_BRIBA.EVL
- %User Profile%\Application Data\taskman.dll - detected as BKDR_BRIBA.EVL
(Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)
Dropping Routine
This Trojan takes advantage of the following software vulnerabilities to drop malicious files:
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
NOTES:
This is the Trend Micro detection for a Microsoft Office Word document with an embedded malicious Flash file.
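A triage check for the document type described in the note above, as an added example (not Trend Micro's detection logic): it scans a raw .doc for SWF headers, which are a 3-byte signature (`FWS` uncompressed, `CWS` zlib-compressed), a version byte and a little-endian 32-bit length. The function names, the heuristic bounds and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file header (.doc)
SWF_SIGS = (b"FWS", b"CWS")    # uncompressed and zlib-compressed SWF signatures
MAX_VERSION = 50               # heuristic upper bound for the SWF version byte
MAX_LENGTH = 64 * 1024 * 1024  # heuristic cap on the declared SWF length


def _body_plausible(blob, pos, sig, length):
    body = blob[pos + 8:]
    if sig == b"FWS":
        # Uncompressed: the declared length must fit in the remaining bytes.
        return pos + length <= len(blob)
    try:
        # Compressed: the bytes after the 8-byte header must start a zlib stream.
        return len(zlib.decompressobj().decompress(body[:4096], 64)) > 0
    except zlib.error:
        return False


def find_embedded_swf(blob):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for sig in SWF_SIGS:
        pos = blob.find(sig)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                if (1 <= version <= MAX_VERSION and 8 < length <= MAX_LENGTH
                        and _body_plausible(blob, pos, sig, length)):
                    hits.append((pos, sig.decode(), version, length))
            pos = blob.find(sig, pos + 1)
    return sorted(hits)


def build_sample():
    """Constructed, harmless test input: OLE header, a decoy string, a dummy CWS."""
    body = b"\x00" * 100
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    prefix = OLE_MAGIC + b"\x00" * 504 + b"see FWSxyz notes "
    return prefix + swf + b"\x00" * 32, len(prefix)


if __name__ == "__main__":
    blob, _ = build_sample()
    print("OLE2 document:", blob.startswith(OLE_MAGIC))
    for hit in find_embedded_swf(blob):
        print("embedded SWF at offset %d: %s v%d, declared length %d" % hit)
```

A raw byte scan is a heuristic: OLE2 streams can be split across non-contiguous sectors, so a hit marks where a Flash object starts but the bytes that follow may not be the complete SWF.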