Home / malware

PDF

TrojanDownloader:Win32/Waledac.C

First posted on 25 February 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Waledac.C is also known as Generic Dropper.lr.gen.a (McAfee), Trojan.Downloader.Bredolab.CZ (BitDefender).

Explanation :

TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files.
Top

TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files.

Payload
Downloads and executes arbitrary files When executed the trojan connects to a specified remote IP address in order to download files. The downloaded files are written to %windir%\temp and executed The trojan has been seen to download variants of the following families of malware:

Win32/Waledac - a family of trojans that is generally used to send spam. They also has the ability to download and execute arbitrary files, harvest email addresses from the local machine, perform denial of service attacks, proxy network traffic and sniff passwords.

Win32/Winwebsec - a family of programs that claim to scan for malware and display fake warnings of €œmalicious programs and viruses€. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/Winwebsec has been distributed with several different names. The user interface varies to reflect each variant€™s individual branding.

Analysis by Ray Roberts

Last update 25 February 2010

 

TOP