Troj/Drop-FS

Category: Viruses and Spyware
Protection available since: 15 Jun 2010 10:35:33 (GMT)
Type: Trojan
Last Updated: 15 Jun 2010 10:35:33 (GMT)
Prevalence: Small Number of Reports


Troj/Drop-FS is a Trojan dropper for the Windows platform.

Troj/Drop-FS attempts to drop a number of files to the <CommonFiles>\ComObject and <Application Data>\AMozilla\AFirefox\Profiles\ff.profile folders, including the following, which are detected as Troj/Selite-A:

<CommonFiles>\ComObject\liveupdate.js
<CommonFiles>\ComObject\SP.exe
<CommonFiles>\ComObject\wSock.exe
<CommonFiles>\ComObject\AdvBox32.dll

Troj/Drop-FS attempts to run liveupdate.js, and sets the following registry entry to run it automatically at startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMngr
wscript.exe <CommonFiles>\ComObject\liveupdate.js
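
A host check for the artifacts listed above, as an added example that is not part of the original description or any Sophos tooling: it looks for the four dropped files and for the TaskMngr Run value that launches liveupdate.js. It assumes <CommonFiles> corresponds to %CommonProgramFiles% (and its x86 counterpart on 64-bit Windows); the function name is hypothetical, and the ff.profile folder is not checked.

```powershell
# Added example: report Troj/Drop-FS artifacts named in this description.
# Assumption: <CommonFiles> maps to %CommonProgramFiles% / %CommonProgramFiles(x86)%.
function Find-DropFsArtifacts {
    $findings = @()

    # Dropped files named in the description (detected as Troj/Selite-A).
    $names = 'liveupdate.js', 'SP.exe', 'wSock.exe', 'AdvBox32.dll'
    $roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        foreach ($name in $names) {
            $path = Join-Path (Join-Path $root 'ComObject') $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = '' }
            }
        }
    }

    # Run value "TaskMngr" starting liveupdate.js through wscript.exe.
    # WOW6432Node is checked too: a 32-bit process writing to HKLM\SOFTWARE
    # on 64-bit Windows is redirected there.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    # Properties added by the registry provider, not real registry values.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $data = [string]$p.Value
            # Flag on the value name or on the script path in the value data.
            if ($p.Name -eq 'TaskMngr' -or $data -match '\\ComObject\\liveupdate\.js') {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Location = "$key\$($p.Name)"; Detail = $data }
            }
        }
    }
    return $findings
}

Find-DropFsArtifacts | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found at these locations; it does not replace a scan with up-to-date detection.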

Troj/Drop-FS may be downloaded by code exploiting the CVE-2010-1885 vulnerability. For more information, see the following blog posts:

http://www.sophos.com/blogs/sophoslabs/?p=10045
http://www.sophos.com/blogs/gc/g/2010/06/15/tavis-ormandy-pleased-website-exploits-microsoft-zeroday/
